====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: redhat-ds:11.3 security and bug fix update
Advisory ID:       RHSA-2022:0952-01
Product:           Red Hat Directory Server
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0952
Issue date:        2022-03-16
CVE Names:         CVE-2021-3514 CVE-2021-4091
====================================================================

1. Summary:

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.3 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Directory Server 11.3 for RHEL 8 - noarch, x86_64

3. Description:

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.

Security Fix(es):

* 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() (CVE-2021-3514)

* 389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* ACIs are being evaluated against the Replication Manager account in a replication context. (BZ#2022086)

* A connection can be erroneously flagged as a replication connection during evaluation of an ACI with an ip bind rule (BZ#2022090)

* DB corruption "_entryrdn_insert_key - Same DN (dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,) is already in the entryrdn file" (BZ#2022686)

* CLI needs option to set nsslapd-state (BZ#2040794)

Users of Red Hat Directory Server 11 are advised to install these updated packages.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1952907 - CVE-2021-3514 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()
2022086 - ACIs are being evaluated against the Replication Manager account in a replication context.
2022090 - A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule
2022686 - DB corruption "_entryrdn_insert_key - Same DN (dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,) is already in the entryrdn file"
2030307 - CVE-2021-4091 389-ds-base: double free of the virtual attribute context in persistent search
2040794 - CLI needs option to set nsslapd-state

6. Package List:

Red Hat Directory Server 11.3 for RHEL 8:

Source:
389-ds-base-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.src.rpm

noarch:
cockpit-389-ds-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.noarch.rpm
python3-lib389-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.noarch.rpm

x86_64:
389-ds-base-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-debugsource-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-devel-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-libs-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-libs-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-snmp-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm
389-ds-base-snmp-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3514
https://access.redhat.com/security/cve/CVE-2021-4091
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce