Security Advisory Low: Red Hat Directory Server security and bug fix update

Advisory: RHSA-2013:0549-1
Type: Security Advisory
Severity: Low
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Directory Server v8 EL5
CVEs: CVE-2012-0833


Updated Red Hat Directory Server and related packages that fix one security
issue and multiple bugs are now available for Red Hat Directory Server 8.2.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The redhat-ds-base packages provide Red Hat Directory Server, which is an
LDAPv3 compliant server. The base packages include the Lightweight
Directory Access Protocol (LDAP) server and command-line utilities for
server administration.

A flaw was found in the way the 389 Directory Server daemon (ns-slapd)
handled access control instructions (ACIs) using certificate groups. If an
LDAP user that had a certificate group defined attempted to bind to the
directory server, it would cause ns-slapd to enter an infinite loop and
consume an excessive amount of CPU time. (CVE-2012-0833)

Red Hat would like to thank Graham Leggett for reporting this issue.

This update also fixes the following bugs:

* Search with a complex filter that included a range search filter was
slow. (BZ#853004)

* If the server was restarted, or there was some type of connection
failure, it was possible that users were no longer able to log into the
console. Manual action is required to apply this fix: you must add an ACI
to each "cn=Server Group" entry in "o=netscaperoot" that allows
anonymous/all users read/search rights. (BZ#856089)

* With replication enabled, trying to replace an existing value, where the
new value only differs in case (for example, changing "cn: foo" to "cn:
FOO"), resulted in the operation failing with an error 20. (BZ#891866)
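
One way to prepare the manual change described for BZ#856089, as an added example that is not part of the advisory or Red Hat's own tooling: the script turns a list of DNs into ldapmodify input. The ACI name, its targetattr scope and the sample DNs are assumptions.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Builds ldapmodify input that adds a
# read/search ACI to each "cn=Server Group" entry under o=netscaperoot.
# Assumptions: the ACI name and the targetattr="*" scope are illustrative.
# An ACI with no target keyword applies to the entry holding it and to the
# entries below it, so narrow targetattr/target if that is too broad.
ACI='(targetattr="*")(version 3.0; acl "Server Group read/search"; allow (read,search) userdn="ldap:///anyone";)'

# Constructed sample search output (hypothetical hosts, not a real server).
sample_dns() {
    cat <<'EOF'
dn: cn=Server Group, cn=ds1.example.com, ou=example.com, o=NetscapeRoot
dn: cn=Server Group,cn=ds2.example.com,ou=example.com,o=netscaperoot
dn: cn=slapd-ds1, cn=Server Group, cn=ds1.example.com, ou=example.com, o=NetscapeRoot
dn: cn=Server Group, ou=other, dc=example, dc=com
EOF
}

# Read DNs on stdin (bare or as "dn: ..." lines) and emit one LDIF modify
# record per matching entry. Children of a Server Group entry and entries
# outside o=netscaperoot are skipped.
gen_aci_ldif() {
    while IFS= read -r dn; do
        dn=${dn#dn: }
        # DN comparison is case-insensitive; drop spaces only for matching.
        key=$(printf '%s' "$dn" | tr 'A-Z' 'a-z' | tr -d ' ')
        case "$key" in
            cn=servergroup,*,o=netscaperoot)
                printf 'dn: %s\nchangetype: modify\nadd: aci\naci: %s\n\n' \
                    "$dn" "$ACI"
                ;;
        esac
    done
}

sample_dns | gen_aci_ldif
```

Feed it the DNs returned by a search for (cn=Server Group) under o=netscaperoot, review the generated LDIF, then pass it to ldapmodify.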

All users of Red Hat Directory Server 8.2 should upgrade to these updated
packages, which resolve these issues.


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Directory Server v8 EL5

adminutil-1.1.8-3.el5dsrv.src.rpm
adminutil-1.1.8-3.el5dsrv.i386.rpm
adminutil-devel-1.1.8-3.el5dsrv.i386.rpm
adminutil-1.1.8-3.el5dsrv.x86_64.rpm
adminutil-devel-1.1.8-3.el5dsrv.x86_64.rpm
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

787014 - CVE-2012-0833 389: denial of service when using certificate groups


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at