Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-0503)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.123707

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2013-0503)

Resumen: The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2013-0503 advisory.

Descripción: Summary:
The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2013-0503 advisory.

Vulnerability Insight:
[1.2.11.15-11]
- Resolves: Bug 896256 - updating package touches configuration files

[1.2.11.15-10]
- Resolves: Bug 889083 - For modifiersName/internalModifiersName feature, internalModifiersname is not working for DNA plugin

[1.2.11.15-9]
- Resolves: Bug 891930 - DNA plugin no longer reports additional info when range is depleted

[1.2.11.15-8]
- Resolves: Bug 887855 - RootDN Access Control plugin is missing after upgrade from RHEL63 to RHEL64

[1.2.11.15-7]
- Resolves: Bug 830355 - [RFE] improve cleanruv functionality
- Resolves: Bug 876650 - Coverity revealed defects
- Ticket #20 - [RFE] Allow automember to work on entries that have already been added (Bug 768084)
- Resolves: Bug 834074 - [RFE] Disable replication agreements
- Resolves: Bug 878111 - ns-slapd segfaults if it cannot rename the logs

[1.2.11.15-6]
- Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode
- use perl-Socket6 on RHEL6

[1.2.11.15-5]
- Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode

[1.2.11.15-4]
- Resolves: Bug 868841 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error
- Resolves: Bug 868853 - Winsync: DS error logs report wrong version of Windows AD when winsync is configured.
- Resolves: Bug 875862 - crash in DNA if no dnamagicregen is specified
- Resolves: Bug 876694 - RedHat Directory Server crashes (segfaults) when moving ldap entry
- Resolves: Bug 876727 - Search with a complex filter including range search is slow
- Ticket #495 - internalModifiersname not updated by DNA plugin (Bug 834053)

[1.2.11.15-3]
- Resolves: Bug 870158 - slapd entered to infinite loop during new index addition
- Resolves: Bug 870162 - Cannot abandon simple paged result search
- c970af0 Coverity defects
- 1ac087a Fixing compiler warnings in the posix-winsync plugin
- 2f960e4 Coverity defects
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes

[1.2.11.15-2]
- Resolves: Bug 834063 [RFE] enable attribute that tracks when a password was last set on an entry in the LDAP store, Ticket #478 passwordTrackUpdateTime stops working with subtree password policies
- Resolves: Bug 847868 [RFE] support posix schema for user and group sync, Ticket #481 expand nested posix groups
- Resolves: Bug 860772 Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl
- Resolves: Bug 863576 Dirsrv deadlock locking up IPA
- Resolves: Bug 864594 anonymous limits are being applied to directory manager

[1.2.11.15-1]
- Resolves: Bug 856657 dirsrv init script returns 0 even when few or all instances fail to start
- Resolves: Bug 858580 389 prevents from adding a posixaccount with userpassword after schema reload

[1.2.11.14-1]
- Resolves: Bug 852202 Ipa master system initiated more than a dozen simultaneous replication sessions, shut itself down and wiped out its db
- Resolves: Bug 855438 CLEANALLRUV ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'389-ds-base' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4450
50713
http://secunia.com/advisories/50713
55690
http://www.securityfocus.com/bid/55690
RHSA-2013:0503
http://rhn.redhat.com/errata/RHSA-2013-0503.html
[oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
http://www.openwall.com/lists/oss-security/2012/09/26/3
[oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
http://www.openwall.com/lists/oss-security/2012/09/26/5
http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
https://bugzilla.redhat.com/show_bug.cgi?id=860772
https://fedorahosted.org/389/ticket/340

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.123707
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2013-0503)
Resumen:	The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2013-0503 advisory.
Descripción:	Summary: The remote host is missing an update for the '389-ds-base' package(s) announced via the ELSA-2013-0503 advisory. Vulnerability Insight: [1.2.11.15-11] - Resolves: Bug 896256 - updating package touches configuration files [1.2.11.15-10] - Resolves: Bug 889083 - For modifiersName/internalModifiersName feature, internalModifiersname is not working for DNA plugin [1.2.11.15-9] - Resolves: Bug 891930 - DNA plugin no longer reports additional info when range is depleted [1.2.11.15-8] - Resolves: Bug 887855 - RootDN Access Control plugin is missing after upgrade from RHEL63 to RHEL64 [1.2.11.15-7] - Resolves: Bug 830355 - [RFE] improve cleanruv functionality - Resolves: Bug 876650 - Coverity revealed defects - Ticket #20 - [RFE] Allow automember to work on entries that have already been added (Bug 768084) - Resolves: Bug 834074 - [RFE] Disable replication agreements - Resolves: Bug 878111 - ns-slapd segfaults if it cannot rename the logs [1.2.11.15-6] - Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode - use perl-Socket6 on RHEL6 [1.2.11.15-5] - Resolves: Bug 880305 - spec file missing dependencies for x86_64 6ComputeNode [1.2.11.15-4] - Resolves: Bug 868841 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error - Resolves: Bug 868853 - Winsync: DS error logs report wrong version of Windows AD when winsync is configured. - Resolves: Bug 875862 - crash in DNA if no dnamagicregen is specified - Resolves: Bug 876694 - RedHat Directory Server crashes (segfaults) when moving ldap entry - Resolves: Bug 876727 - Search with a complex filter including range search is slow - Ticket #495 - internalModifiersname not updated by DNA plugin (Bug 834053) [1.2.11.15-3] - Resolves: Bug 870158 - slapd entered to infinite loop during new index addition - Resolves: Bug 870162 - Cannot abandon simple paged result search - c970af0 Coverity defects - 1ac087a Fixing compiler warnings in the posix-winsync plugin - 2f960e4 Coverity defects - Ticket #491 - multimaster_extop_cleanruv returns wrong error codes [1.2.11.15-2] - Resolves: Bug 834063 [RFE] enable attribute that tracks when a password was last set on an entry in the LDAP store, Ticket #478 passwordTrackUpdateTime stops working with subtree password policies - Resolves: Bug 847868 [RFE] support posix schema for user and group sync, Ticket #481 expand nested posix groups - Resolves: Bug 860772 Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl - Resolves: Bug 863576 Dirsrv deadlock locking up IPA - Resolves: Bug 864594 anonymous limits are being applied to directory manager [1.2.11.15-1] - Resolves: Bug 856657 dirsrv init script returns 0 even when few or all instances fail to start - Resolves: Bug 858580 389 prevents from adding a posixaccount with userpassword after schema reload [1.2.11.14-1] - Resolves: Bug 852202 Ipa master system initiated more than a dozen simultaneous replication sessions, shut itself down and wiped out its db - Resolves: Bug 855438 CLEANALLRUV ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: '389-ds-base' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4450 50713 http://secunia.com/advisories/50713 55690 http://www.securityfocus.com/bid/55690 RHSA-2013:0503 http://rhn.redhat.com/errata/RHSA-2013-0503.html [oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) http://www.openwall.com/lists/oss-security/2012/09/26/3 [oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) http://www.openwall.com/lists/oss-security/2012/09/26/5 http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09 https://bugzilla.redhat.com/show_bug.cgi?id=860772 https://fedorahosted.org/389/ticket/340
Copyright	Copyright (C) 2015 Greenbone AG