Security Advisory Important: 389-ds-base security and bug fix update

Advisory: RHSA-2017:0893-1
Type: Security Advisory
Severity: Important
Issued on: 2017-04-11
Last updated on: 2017-04-11
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2017-2668

Details

An update for 389-ds-base is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base
packages include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

Security Fix(es):

* An invalid pointer dereference flaw was found in the way 389-ds-base handled
LDAP bind requests. A remote unauthenticated attacker could use this flaw to
make ns-slapd crash via a specially crafted LDAP bind request, resulting in
denial of service. (CVE-2017-2668)

Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.

Bug Fix(es):

* Previously, the "deref" plug-in failed to dereference attributes that use
distinguished name (DN) syntax, such as "uniqueMember". With this patch, the
"deref" plug-in can dereference such attributes and, additionally, attributes
that use "Name and Optional UID" syntax. As a result, the "deref" plug-in now
supports any syntax. (BZ#1435365)


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted
automatically.
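
To confirm that a host actually carries the fixed build, the following added example (not Red Hat's code) compares an installed version-release string against the 1.2.11.15-91.el6_9 build listed under "Updated packages". It assumes input in the form printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' 389-ds-base`, and uses a simplified form of rpm's segment-wise comparison (no epoch, tilde or caret handling); the sample inventory is constructed.

```python
import re

# Fixed build named in this advisory's "Updated packages" list.
FIXED = "1.2.11.15-91.el6_9"

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def _vercmp(a, b):
    """Simplified rpm-style comparison of one version or release string."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            # Numeric segments compare as integers: strip zeros, longer wins.
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        elif xd != yd:
            return 1 if xd else -1  # a numeric segment is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _vercmp(va, vb) or _vercmp(ra, rb)


def is_patched(installed_vr):
    """True when the installed build is at or above the advisory's fixed build."""
    return evr_cmp(installed_vr, FIXED) >= 0


def triage(inventory):
    """Map host -> 'patched' / 'needs update' from (host, version-release) pairs."""
    return {h: "patched" if is_patched(vr) else "needs update" for h, vr in inventory}


# Constructed sample inventory (host names and older builds are illustrative).
SAMPLE = [
    ("ldap01", "1.2.11.15-91.el6_9"),
    ("ldap02", "1.2.11.15-9.el6"),      # 9 < 91 numerically, though "9" > "91" as text
    ("ldap03", "1.2.10.4-1.el6"),
]

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(host, state)
```
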

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
389-ds-base-1.2.11.15-91.el6_9.src.rpm

IA-32:
389-ds-base-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm

x86_64:
389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
389-ds-base-1.2.11.15-91.el6_9.src.rpm

x86_64:
389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
389-ds-base-1.2.11.15-91.el6_9.src.rpm

IA-32:
389-ds-base-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm

x86_64:
389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
389-ds-base-1.2.11.15-91.el6_9.src.rpm

IA-32:
389-ds-base-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm

x86_64:
389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1435365 - Unable to dereference uniquemember attribute because it is dn [#UID] not dn syntax
1436575 - CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/