Test ID: | 1.3.6.1.4.1.25623.1.0.882899 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for 389-ds-base CESA-2018:1380 centos7 |
Summary: | Check the version of 389-ds-base |
Description: |
Vulnerability Insight:
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: ns-slapd crash via large filter value in ldapsearch (CVE-2018-1089)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Greg Kubok for reporting this issue.

Bug Fix(es):

* Indexing tasks in Directory Server contain the nsTaskStatus attribute to monitor whether the task is completed and the database is ready to receive updates. Before this update, the server set the value that indexing had completed before the database was ready to receive updates. Applications which monitor nsTaskStatus could start sending updates as soon as indexing completed, but before the database was ready. As a consequence, the server rejected updates with an UNWILLING_TO_PERFORM error. The problem has been fixed. As a result, the nsTaskStatus attribute now shows that indexing is completed after the database is ready to receive updates. (BZ#1553605)

* Previously, Directory Server did not remember when the first operation, bind, or a connection was started. As a consequence, the server applied in certain situations anonymous resource limits to an authenticated client. With this update, Directory Server properly marks authenticated client connections. As a result, it applies the correct resource limits, and authenticated clients no longer get randomly restricted by anonymous resource limits. (BZ#1554720)

* When debug replication logging is enabled, Directory Server incorrectly logged an error that updating the replica update vector (RUV) failed when in fact the update succeeded. The problem has been fixed, and the server no longer logs an error if updating the RUV succeeds. (BZ#1559464)

* This update adds the -W option to the ds-replcheck utility. With this option, ds-replcheck asks for the password, similar to OpenLDAP utilities. As a result, the password is not stored in the shell's history file when the -W option is used. (BZ#1559760)

* If an administrator moves a group in Directory Server from one subtree to another, the memberOf plug-in deletes the memberOf attribute with the old value and adds a new memberOf attribute with the new group's distinguished name (DN) in affected user entries. Previously, if the old subtree was not within the scope of the memberOf plug-in, deleting the old memberOf attribute failed because the values ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
389-ds-base on CentOS 7

Solution:
Please install the updated packages.

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1089
BugTraq ID: 104137
http://www.securityfocus.com/bid/104137
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
RedHat Security Advisories: RHSA-2018:1364
https://access.redhat.com/errata/RHSA-2018:1364
RedHat Security Advisories: RHSA-2018:1380
https://access.redhat.com/errata/RHSA-2018:1380 |
Copyright | Copyright (C) 2018 Greenbone AG |