| Revision Date: | 2019-11-05 | Version: | 640 | | Title: | RHSA-2019:3401: 389-ds:1.4 security, bug fix, and enhancement update (Important) | | Description: | 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
The following packages have been upgraded to a later upstream version: 389-ds-base (1.4.1.3). (BZ#1712467)
Security Fix(es):
389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824)
389-ds-base: replication and the Retro Changelog plugin store plaintext password by default (CVE-2018-10871)
389-ds-base: DoS via hanging secured connections (CVE-2019-3883)
389-ds-base: using dscreate in verbose mode results in information disclosure (CVE-2019-10224)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
| | Family: | unix | Class: | patch | | Status: | | Reference(s): | CVE-2018-10871
CVE-2019-10224
CVE-2019-14824
CVE-2019-3883
RHSA-2019:3401
| | Platform(s): | Red Hat Enterprise Linux 8
| Product(s): | | | Definition Synopsis | | Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 8 is installed
OR Red Hat CoreOS 4 is installed
AND
Module 389-ds:1.4 is enabled
|
|