FEDORA-2024-ac07913be8 — security update for 389-ds-base

stable

389-ds-base-3.0.4-2.fc40

FEDORA-2024-ac07913be8 created by vashirov 11 months ago for Fedora 40

Changelog

* Tue Jul 30 2024 Viktor Ashirov <vashirov@redhat.com> - 3.0.4-2
- Replace lmdb with lmdb-libs in Requires

* Tue Jul 30 2024 Viktor Ashirov <vashirov@redhat.com> - 3.0.4-1
- Update to 3.0.4
- Resolves: CVE-2024-1062 (rhbz#2261884)
- Resolves: CVE-2024-2199 (rhbz#2283632)
- Resolves: CVE-2024-3657 (rhbz#2283631)
- Resolves: CVE-2024-5953 (rhbz#2292109)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-ac07913be8

This update has been submitted for testing by vashirov.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

vashirov edited this update.

11 months ago

vashirov edited this update.

11 months ago

vashirov edited this update.

New build(s):

389-ds-base-3.0.4-2.fc40

Removed build(s):

389-ds-base-3.0.4-1.fc40

Karma has been reset.

11 months ago

This update's test gating status has been changed to 'failed'.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'passed'.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'passed'.

11 months ago

This update has been pushed to testing.

11 months ago

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Dates

submitted

11 months ago

in testing

11 months ago

in stable

10 months ago

modified

11 months ago

approved

10 months ago

Builds

389-ds-base-3.0.4-2.fc40

BZ#2261879 CVE-2024-1062 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

BZ#2261884 CVE-2024-1062 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) [fedora-all]

BZ#2267976 CVE-2024-2199 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c

BZ#2274401 CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request

BZ#2283631 CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request [fedora-all]

BZ#2283632 CVE-2024-2199 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c [fedora-all]

BZ#2292104 CVE-2024-5953 389-ds-base: Malformed userPassword hash may cause Denial of Service

BZ#2292109 CVE-2024-5953 389-ds-base: Malformed userPassword hash may cause Denial of Service [fedora-all]

389-ds-base-3.0.4-2.fc40

Automated Test Results

passed

Test Cases


0	0	Test Case 389 Directory Server instance setup