Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.2829
Moderate: 389-ds-base security and bug fix update
30 July 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: 389-ds-base
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-3883
Reference: ESB-2019.1570
Original Bulletin:
https://access.redhat.com/errata/RHSA-2019:1896
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: 389-ds-base security and bug fix update
Advisory ID: RHSA-2019:1896-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1896
Issue date: 2019-07-29
CVE Names: CVE-2019-3883
=====================================================================
1. Summary:
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
3. Description:
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The
base packages include the Lightweight Directory Access Protocol (LDAP)
server and command-line utilities for server administration.
Security Fix(es):
* 389-ds-base: DoS via hanging secured connections (CVE-2019-3883)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Previously, if you were using the PAM plugin and attempted to bind as a
dn that doesn't exist, the server would crash. This has now been fixed.
(BZ#1718184)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the 389 server service will be restarted
automatically.
5. Bugs fixed (https://bugzilla.redhat.com/):
1693612 - CVE-2019-3883 389-ds-base: DoS via hanging secured connections
1718184 - segfault when using pam passthru and addn plugins together [rhel-7.6.z]
6. Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
389-ds-base-1.3.8.4-25.1.el7_6.src.rpm
x86_64:
389-ds-base-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source:
389-ds-base-1.3.8.4-25.1.el7_6.src.rpm
x86_64:
389-ds-base-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
389-ds-base-1.3.8.4-25.1.el7_6.src.rpm
ppc64le:
389-ds-base-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.ppc64le.rpm
x86_64:
389-ds-base-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source:
389-ds-base-1.3.8.4-25.1.el7_6.src.rpm
aarch64:
389-ds-base-1.3.8.4-25.1.el7_6.aarch64.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.aarch64.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.aarch64.rpm
ppc64le:
389-ds-base-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source:
389-ds-base-1.3.8.4-25.1.el7_6.src.rpm
ppc64:
389-ds-base-1.3.8.4-25.1.el7_6.ppc64.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.ppc64.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.ppc64.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.ppc64.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.ppc64.rpm
ppc64le:
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.ppc64le.rpm
s390x:
389-ds-base-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.s390x.rpm
x86_64:
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
Source:
389-ds-base-1.3.8.4-25.1.el7_6.src.rpm
aarch64:
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.aarch64.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.aarch64.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.aarch64.rpm
ppc64le:
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.ppc64le.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.ppc64le.rpm
s390x:
389-ds-base-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.s390x.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
389-ds-base-1.3.8.4-25.1.el7_6.src.rpm
x86_64:
389-ds-base-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-libs-1.3.8.4-25.1.el7_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-devel-1.3.8.4-25.1.el7_6.x86_64.rpm
389-ds-base-snmp-1.3.8.4-25.1.el7_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-3883
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXT8OQtzjgjWX9erEAQgBnA/+PTv5jR3NhcZCoahHOw3C//Oqvc2Djd5i
+5HKz0HvbIN9d4i1o3i2UP7lOSHkKRJYl/E7nU/iH/2ac06A2O9tbEduK3uKgljA
YXUC4wLfcaOhkUW0JE1H0P2Fk7oiR0OJIAJlR/jR995WDMEcAaQNQNcBJngS1sTz
6k7ZWMUNsww5wMJZgwa+DaV4RhZx5toflZP8tuvcyWoMGdrAW9fMOmCrLiDn1QrU
yR+EWmSzIowfe3XvwSaIDvj1M0tI3pt/+f89myHWRrQ6nRtxUv0de0l5C00yHa14
sZNobNc46dHrBvNr2JWBTn4RQ4hrjb+4wwlY2GQ4FssSummw509vwHAdF1fHYHUh
z4bTkdUqgLanCn5y6AJp9yiYLOHVP8EV6zhRWh5TloX1sh/2/CTi5safn7E1JjKQ
E29TrhVQFjsFskhp0YYxeLID0IoCqKqmm8TQaB4cX3T4mZadM/pM1x+ILX9xaRTT
N2flliNTxh/Q9t72z4aRPryFYCtQe8ay5UbHtxxs3tEnM3AJm8DiFdjgXGk5A5pe
tMMCXwRGTZeG7v3RPUb0ynnA+HiNWoPlYRoyilVaYUraTNvQp2MkhvidQ+ews6Us
E9CpAF/fwWsUSmwbPXy1OEjg6xxafLaTyJpm8yuJsrzUvjd7731wFbyBPS6eK8il
0V4lUhAni9k=
=+YZN
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXT/XB2aOgq3Tt24GAQhXZg/+LNqsBsKVTPGodeYNy2H5Wboqzldvg6di
bopvaseNZz1DV8fKFxVhM6kGDFJ3dZ72XJFNcb1p/dinEbDJBPBJgWBZZjhX8JQl
25YJZNUTVykfNJqNvdDuvQWOgdOXSxbJcz+yq4urRGyOq2Dz1hEwkCJmFAW4Mqrd
+zcgYdMTxpyeRw20dUFm1QuUsFMZQuu7YcfuYyAkBoAhRTuAEi68gD5gHsIjk9zQ
4WUwLAdzxnBaikd21SLYrT7SU+FKLHsze8/NJNtmuaLWArcfQ1IGV22a4fhBV6so
wGKnbLdFp/72oCVMY5VcjyZNUS15N5+3oZIQUIXzJo/yV1IDz6SHD7qWR/d8W3BG
LmKje8Y8ekQFebMGZLJmIucnpHnPX4dmXUsy1+VQNRdJptDqq0ifs//Lj1OTQxU7
1s+83FUcw/fmizeygZ+MxasV6W7FU5xYwqJu8HJ8L1cxpnbUlcS228xHgrfHxd5T
EZnqJEIiUVU5pfkSY/OxF9JaiLrhsSisnbfl5eoQIomdkR1PZg3ccmRpOzGJN3z6
xoVJbeFzgzGWyP6AS899+O9/rHbYAlB9AaP6HLJoPEIPUm5ZencV//fxzAOc/R9l
V+L9VU5zD4fqrV5TzmOfsBz9q34O7kpuhQ+/vcgv1oFOZQEcLox/UFJC7iyRoeLY
/rCwz+i9pf4=
=6Hd6
-----END PGP SIGNATURE-----