
Security Advisory Low: 389-ds-base security and bug fix update

Advisory: RHSA-2013:0742-2
Type: Security Advisory
Severity: Low
Issued on: 2013-04-15
Last updated on: 2013-04-15
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-1897

Details

Updated 389-ds-base packages that fix one security issue and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was found that the 389 Directory Server did not properly restrict access
to entries when the "nsslapd-allow-anonymous-access" configuration setting
was set to "rootdse". An anonymous user could connect to the LDAP database
and, if the search scope was set to BASE, obtain access to information
outside of the rootDSE. (CVE-2013-1897)

This issue was discovered by Martin Kosek of Red Hat.
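
A host-side check for the CVE-2013-1897 condition described above, added here as an example and not part of Red Hat's advisory or tooling: it reads "nsslapd-allow-anonymous-access" from the cn=config entry of a configuration LDIF and compares the installed build with the fixed build named in this advisory. The function names, the sample LDIF and the older build string are constructed; treating an absent attribute as "on" and using sort -V to approximate RPM version ordering are assumptions.

```sh
# Added example: host audit for the CVE-2013-1897 condition.
FIXED_EVR="1.2.11.15-14.el6_4"   # fixed build listed in this advisory

# Print the nsslapd-allow-anonymous-access value found in the cn=config
# entry of an LDIF config file ($1). Prints "on" when the attribute is
# absent (assumed here to be the server default).
anon_access_mode() {
    awk '
        BEGIN { mode = "on" }
        /^[dD][nN]:/ {
            in_cfg = (tolower($0) ~ /^dn:[ ]*cn=config[ \t\r]*$/)
            next
        }
        in_cfg && tolower($0) ~ /^nsslapd-allow-anonymous-access:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)
            sub(/[ \t\r]+$/, "", v)
            mode = tolower(v)
        }
        END { print mode }
    ' "$1"
}

# Succeed when version-release $1 sorts at or after FIXED_EVR.
# sort -V only approximates RPM version ordering (assumption).
release_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# $1 = installed version-release, $2 = path to the config LDIF
audit_389ds() {
    mode=$(anon_access_mode "$2")
    if release_is_fixed "$1"; then
        echo "OK: $1 includes the fix (anonymous access: $mode)"
    elif [ "$mode" = "rootdse" ]; then
        echo "EXPOSED: $1 predates $FIXED_EVR with anonymous access rootdse"
    else
        echo "UPDATE: $1 predates $FIXED_EVR (anonymous access: $mode)"
    fi
}

# Constructed sample configuration, for demonstration only.
sample_config() {
    printf '%s\n' 'dn: cn=config' 'cn: config' \
        'nsslapd-allow-anonymous-access: rootdse' '' \
        'dn: cn=features,cn=config' 'cn: features'
}

# Real host: audit_389ds "$(rpm -q --qf '%{VERSION}-%{RELEASE}' 389-ds-base)" FILE
tmp=$(mktemp)
sample_config > "$tmp"
audit_389ds "1.2.11.15-12.el6_4" "$tmp"   # constructed older build
audit_389ds "$FIXED_EVR" "$tmp"
rm -f "$tmp"
```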

This update also fixes the following bugs:

* Previously, the schema-reload plug-in was not thread-safe. Consequently,
executing the schema-reload.pl script under heavy load could have caused
the ns-slapd process to terminate unexpectedly with a segmentation fault.
With this update, the schema-reload plug-in has been redesigned to be
thread-safe, and the schema-reload.pl script can be executed along with
other LDAP operations. (BZ#929107)

* In some cases, a local variable going out of scope caused the modrdn
operation to terminate unexpectedly with a segmentation fault. This
update declares the local variable at the proper place in the function so
that it does not go out of scope, and the modrdn operation no longer
crashes. (BZ#929111)

* If the "replica-force-cleaning" option was used, a task manually
constructed the exact value to be removed from the configuration.
Consequently, the task configuration was not cleaned up, and the task was
restarted every time the server was restarted. This update searches the
configuration for the exact value to delete, instead of manually building
the value, and the task no longer restarts when the server is restarted.
(BZ#929114)

* Previously, a NULL pointer dereference could have occurred when
attempting to get effective rights on an entry that did not exist, leading
to an unexpected termination due to a segmentation fault. This update
checks for NULL entry pointers and returns the appropriate error. Now,
attempts to get effective rights on an entry that does not exist no longer
cause crashes, and the server returns the appropriate error message.
(BZ#929115)

* A problem in the lock timing in the DNA plug-in caused a deadlock if the
DNA operation was executed with other plug-ins. This update moves the
release timing of the problematic lock, and the DNA plug-in no longer
causes the deadlock. (BZ#929196)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the 389 server service will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
389-ds-base-1.2.11.15-14.el6_4.src.rpm
File outdated by:  RHSA-2014:0292

IA-32:
389-ds-base-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292

x86_64:
389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
389-ds-base-1.2.11.15-14.el6_4.src.rpm
File outdated by:  RHSA-2014:0292

x86_64:
389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
389-ds-base-1.2.11.15-14.el6_4.src.rpm
File outdated by:  RHSA-2014:0292

IA-32:
389-ds-base-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292

x86_64:
389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
 
Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
389-ds-base-1.2.11.15-14.el6_4.src.rpm
File outdated by:  RHSA-2014:0292

x86_64:
389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
 
Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
389-ds-base-1.2.11.15-14.el6_4.src.rpm
File outdated by:  RHSA-2014:0292

IA-32:
389-ds-base-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182

x86_64:
389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2013:1182
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2013:1182
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
389-ds-base-1.2.11.15-14.el6_4.src.rpm
File outdated by:  RHSA-2014:0292

IA-32:
389-ds-base-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292

x86_64:
389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
File outdated by:  RHSA-2014:0292
389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
File outdated by:  RHSA-2014:0292
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

928105 - CVE-2013-1897 389-ds: unintended information exposure when rootdse is enabled
929111 - Crash in MODRDN
929114 - cleanAllRUV task fails to cleanup config upon completion
929115 - crash in aci evaluation


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/