CentOS Local Security Checks : CentOS Update for 389-ds-base CESA-2018:1380 centos7

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.882899

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for 389-ds-base CESA-2018:1380 centos7

Zusammenfassung: Check the version of 389-ds-base

Beschreibung: Summary:
Check the version of 389-ds-base

Vulnerability Insight:
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The
base packages include the Lightweight Directory Access Protocol (LDAP)
server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: ns-slapd crash via large filter value in ldapsearch
(CVE-2018-1089)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Greg Kubok for reporting this issue.

Bug Fix(es):

* Indexing tasks in Directory Server contain the nsTaskStatus attribute to
monitor whether the task is completed and the database is ready to receive
updates. Before this update, the server set the value that indexing had
completed before the database was ready to receive updates. Applications
which monitor nsTaskStatus could start sending updates as soon as indexing
completed, but before the database was ready. As a consequence, the server
rejected updates with an UNWILLING_TO_PERFORM error. The problem has been
fixed. As a result, the nsTaskStatus attribute now shows that indexing is
completed after the database is ready to receive updates. (BZ#1553605)

* Previously, Directory Server did not remember when the first operation,
bind, or a connection was started. As a consequence, the server applied in
certain situations anonymous resource limits to an authenticated client.
With this update, Directory Server properly marks authenticated client
connections. As a result, it applies the correct resource limits, and
authenticated clients no longer get randomly restricted by anonymous
resource limits. (BZ#1554720)

* When debug replication logging is enabled, Directory Server incorrectly
logged an error that updating the replica update vector (RUV) failed when
in fact the update succeeded. The problem has been fixed, and the server no
longer logs an error if updating the RUV succeeds. (BZ#1559464)

* This update adds the -W option to the ds-replcheck utility. With this
option, ds-replcheck asks for the password, similar to OpenLDAP utilities.
As a result, the password is not stored in the shell's history file when
the -W option is used. (BZ#1559760)

* If an administrator moves a group in Directory Server from one subtree to
another, the memberOf plug-in deletes the memberOf attribute with the old
value and adds a new memberOf attribute with the new group's distinguished
name (DN) in affected user entries. Previously, if the old subtree was not
within the scope of the memberOf plug-in, deleting the old memberOf
attribute failed because the values ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
389-ds-base on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-1089
BugTraq ID: 104137
http://www.securityfocus.com/bid/104137
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
RedHat Security Advisories: RHSA-2018:1364
https://access.redhat.com/errata/RHSA-2018:1364
RedHat Security Advisories: RHSA-2018:1380
https://access.redhat.com/errata/RHSA-2018:1380

Copyright Copyright (C) 2018 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.882899
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for 389-ds-base CESA-2018:1380 centos7
Zusammenfassung:	Check the version of 389-ds-base
Beschreibung:	Summary: Check the version of 389-ds-base Vulnerability Insight: 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * 389-ds-base: ns-slapd crash via large filter value in ldapsearch (CVE-2018-1089) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Greg Kubok for reporting this issue. Bug Fix(es): * Indexing tasks in Directory Server contain the nsTaskStatus attribute to monitor whether the task is completed and the database is ready to receive updates. Before this update, the server set the value that indexing had completed before the database was ready to receive updates. Applications which monitor nsTaskStatus could start sending updates as soon as indexing completed, but before the database was ready. As a consequence, the server rejected updates with an UNWILLING_TO_PERFORM error. The problem has been fixed. As a result, the nsTaskStatus attribute now shows that indexing is completed after the database is ready to receive updates. (BZ#1553605) * Previously, Directory Server did not remember when the first operation, bind, or a connection was started. As a consequence, the server applied in certain situations anonymous resource limits to an authenticated client. With this update, Directory Server properly marks authenticated client connections. As a result, it applies the correct resource limits, and authenticated clients no longer get randomly restricted by anonymous resource limits. (BZ#1554720) * When debug replication logging is enabled, Directory Server incorrectly logged an error that updating the replica update vector (RUV) failed when in fact the update succeeded. The problem has been fixed, and the server no longer logs an error if updating the RUV succeeds. (BZ#1559464) * This update adds the -W option to the ds-replcheck utility. With this option, ds-replcheck asks for the password, similar to OpenLDAP utilities. As a result, the password is not stored in the shell's history file when the -W option is used. (BZ#1559760) * If an administrator moves a group in Directory Server from one subtree to another, the memberOf plug-in deletes the memberOf attribute with the old value and adds a new memberOf attribute with the new group's distinguished name (DN) in affected user entries. Previously, if the old subtree was not within the scope of the memberOf plug-in, deleting the old memberOf attribute failed because the values ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: 389-ds-base on CentOS 7 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1089 BugTraq ID: 104137 http://www.securityfocus.com/bid/104137 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html RedHat Security Advisories: RHSA-2018:1364 https://access.redhat.com/errata/RHSA-2018:1364 RedHat Security Advisories: RHSA-2018:1380 https://access.redhat.com/errata/RHSA-2018:1380
Copyright	Copyright (C) 2018 Greenbone AG