Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2012:0813 Final 4 4 2012-06-20T08:19:00Z Current version 2012-06-20T08:19:00Z 2012-06-20T08:19:00Z Red Hat rhsa-to-cvrf 1.0.1484 2012-06-20T08:57:08Z Updated 389-ds-base packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon (ns-slapd) handled access control instructions (ACIs) using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-0833) Red Hat would like to thank Graham Leggett for reporting this issue. These updated 389-ds-base packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes. Users are advised to upgrade to these updated 389-ds-base packages, which resolve these issues and add these enhancements. After installing this update, the 389 server service will be restarted automatically. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2012 Red Hat, Inc. All rights reserved. Low https://rhn.redhat.com/errata/RHSA-2012-0813.html https://rhn.redhat.com/errata/RHSA-2012-0813.html https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/updates/classification/#low https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/pkg-389-ds-base.html#RHSA-2012-0813 https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/pkg-389-ds-base.html#RHSA-2012-0813 https://bugzilla.redhat.com/show_bug.cgi?id=766322 https://bugzilla.redhat.com/show_bug.cgi?id=766322 https://bugzilla.redhat.com/show_bug.cgi?id=768086 https://bugzilla.redhat.com/show_bug.cgi?id=768086 https://bugzilla.redhat.com/show_bug.cgi?id=768091 https://bugzilla.redhat.com/show_bug.cgi?id=768091 https://bugzilla.redhat.com/show_bug.cgi?id=772777 https://bugzilla.redhat.com/show_bug.cgi?id=772777 https://bugzilla.redhat.com/show_bug.cgi?id=772778 https://bugzilla.redhat.com/show_bug.cgi?id=772778 https://bugzilla.redhat.com/show_bug.cgi?id=772779 https://bugzilla.redhat.com/show_bug.cgi?id=772779 https://bugzilla.redhat.com/show_bug.cgi?id=781529 https://bugzilla.redhat.com/show_bug.cgi?id=781529 https://bugzilla.redhat.com/show_bug.cgi?id=781534 https://bugzilla.redhat.com/show_bug.cgi?id=781534 https://bugzilla.redhat.com/show_bug.cgi?id=784343 https://bugzilla.redhat.com/show_bug.cgi?id=784343 https://bugzilla.redhat.com/show_bug.cgi?id=784344 https://bugzilla.redhat.com/show_bug.cgi?id=784344 https://bugzilla.redhat.com/show_bug.cgi?id=788140 https://bugzilla.redhat.com/show_bug.cgi?id=788140 https://bugzilla.redhat.com/show_bug.cgi?id=788722 https://bugzilla.redhat.com/show_bug.cgi?id=788722 https://bugzilla.redhat.com/show_bug.cgi?id=788723 https://bugzilla.redhat.com/show_bug.cgi?id=788723 https://bugzilla.redhat.com/show_bug.cgi?id=788724 https://bugzilla.redhat.com/show_bug.cgi?id=788724 https://bugzilla.redhat.com/show_bug.cgi?id=788725 https://bugzilla.redhat.com/show_bug.cgi?id=788725 https://bugzilla.redhat.com/show_bug.cgi?id=788726 https://bugzilla.redhat.com/show_bug.cgi?id=788726 https://bugzilla.redhat.com/show_bug.cgi?id=788728 https://bugzilla.redhat.com/show_bug.cgi?id=788728 https://bugzilla.redhat.com/show_bug.cgi?id=788729 https://bugzilla.redhat.com/show_bug.cgi?id=788729 https://bugzilla.redhat.com/show_bug.cgi?id=788731 https://bugzilla.redhat.com/show_bug.cgi?id=788731 https://bugzilla.redhat.com/show_bug.cgi?id=788732 https://bugzilla.redhat.com/show_bug.cgi?id=788732 https://bugzilla.redhat.com/show_bug.cgi?id=788741 https://bugzilla.redhat.com/show_bug.cgi?id=788741 https://bugzilla.redhat.com/show_bug.cgi?id=788745 https://bugzilla.redhat.com/show_bug.cgi?id=788745 https://bugzilla.redhat.com/show_bug.cgi?id=788749 https://bugzilla.redhat.com/show_bug.cgi?id=788749 https://bugzilla.redhat.com/show_bug.cgi?id=788750 https://bugzilla.redhat.com/show_bug.cgi?id=788750 https://bugzilla.redhat.com/show_bug.cgi?id=788751 https://bugzilla.redhat.com/show_bug.cgi?id=788751 https://bugzilla.redhat.com/show_bug.cgi?id=788753 https://bugzilla.redhat.com/show_bug.cgi?id=788753 https://bugzilla.redhat.com/show_bug.cgi?id=788755 https://bugzilla.redhat.com/show_bug.cgi?id=788755 https://bugzilla.redhat.com/show_bug.cgi?id=788756 https://bugzilla.redhat.com/show_bug.cgi?id=788756 https://bugzilla.redhat.com/show_bug.cgi?id=788760 https://bugzilla.redhat.com/show_bug.cgi?id=788760 https://bugzilla.redhat.com/show_bug.cgi?id=788764 https://bugzilla.redhat.com/show_bug.cgi?id=788764 https://bugzilla.redhat.com/show_bug.cgi?id=790433 https://bugzilla.redhat.com/show_bug.cgi?id=790433 https://bugzilla.redhat.com/show_bug.cgi?id=790491 https://bugzilla.redhat.com/show_bug.cgi?id=790491 https://bugzilla.redhat.com/show_bug.cgi?id=800215 https://bugzilla.redhat.com/show_bug.cgi?id=800215 https://bugzilla.redhat.com/show_bug.cgi?id=800217 https://bugzilla.redhat.com/show_bug.cgi?id=800217 https://bugzilla.redhat.com/show_bug.cgi?id=803930 https://bugzilla.redhat.com/show_bug.cgi?id=803930 https://bugzilla.redhat.com/show_bug.cgi?id=811291 https://bugzilla.redhat.com/show_bug.cgi?id=811291 https://bugzilla.redhat.com/show_bug.cgi?id=813964 https://bugzilla.redhat.com/show_bug.cgi?id=813964 https://bugzilla.redhat.com/show_bug.cgi?id=815991 https://bugzilla.redhat.com/show_bug.cgi?id=815991 https://bugzilla.redhat.com/show_bug.cgi?id=819643 https://bugzilla.redhat.com/show_bug.cgi?id=819643 https://bugzilla.redhat.com/show_bug.cgi?id=821176 https://bugzilla.redhat.com/show_bug.cgi?id=821176 https://bugzilla.redhat.com/show_bug.cgi?id=821542 https://bugzilla.redhat.com/show_bug.cgi?id=821542 https://bugzilla.redhat.com/show_bug.cgi?id=822700 https://bugzilla.redhat.com/show_bug.cgi?id=822700 https://bugzilla.redhat.com/show_bug.cgi?id=824014 https://bugzilla.redhat.com/show_bug.cgi?id=824014 Red Hat Enterprise Linux Desktop Optional (v. 6) Red Hat Enterprise Linux HPC Node Optional (v. 6) Red Hat Enterprise Linux Workstation Optional (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux Server Optional (v. 6) Red Hat Enterprise Linux Server (v. 6) 389-ds-base-1.2.10.2-15.el6.src.rpm 389-ds-base-1.2.10.2-15.el6 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6) 389-ds-base-1.2.10.2-15.el6 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6) 389-ds-base-1.2.10.2-15.el6 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6) 389-ds-base-1.2.10.2-15.el6 as a component of Red Hat Enterprise Linux Workstation (v. 6) 389-ds-base-1.2.10.2-15.el6 as a component of Red Hat Enterprise Linux Server Optional (v. 6) 389-ds-base-1.2.10.2-15.el6 as a component of Red Hat Enterprise Linux Server (v. 6) A flaw was found in the way the 389 Directory Server daemon (ns-slapd) handled access control instructions (ACIs) using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time. 2011-12-28T00:00:00Z 2012-01-05T00:00:00Z CVE-2012-0833 6Client-optional:389-ds-base-1.2.10.2-15.el6 6ComputeNode-optional:389-ds-base-1.2.10.2-15.el6 6Server-optional:389-ds-base-1.2.10.2-15.el6 6Server:389-ds-base-1.2.10.2-15.el6 6Workstation-optional:389-ds-base-1.2.10.2-15.el6 6Workstation:389-ds-base-1.2.10.2-15.el6 Low 1.4 AV:A/AC:H/Au:S/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-0813.html https://www.redhat.com/security/data/cve/CVE-2012-0833.html CVE-2012-0833 https://bugzilla.redhat.com/show_bug.cgi?id=787014 bz#787014: CVE-2012-0833 389: denial of service when using certificate groups Red Hat would like to thank Graham Leggett for reporting this issue.