openSUSE Security Update : 389-ds (openSUSE-2021-868)

medium Nessus Plugin ID 150754

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for 389-ds fixes the following issues:

- CVE-2021-3514: Fixed a sync_repl NULL pointer dereference in sync_create_state_control() (bsc#1185356)

389-ds was updated to version 1.4.3.23~git0.f53d0132b:

Bump version to 1.4.3.23:

- Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)

- Issue 4759 - Fix coverity issue (#4760)

- Issue 4656 - Fix cherry pick error around replication enabling

- Issue 4701 - RFE - Exclude attributes from retro changelog (#4723) (#4746)

- Issue 4742 - UI - should always use LDAPI path when calling CLI

- Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)

- Issue 4711 - SIGSEV with sync_repl (#4738)

- Issue 4649 - fix testcase importing ContentSyncPlugin

- Issue 2736 - Warnings from automatic shebang munging macro

- Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736

- Issue 4706 - negative wtime in access log for CMP operations

Bump version to 1.4.3.22:

- Issue 4671 - UI - Fix browser crashes

- lib389 - Add ContentSyncPlugin class

- Issue 4656 - lib389 - fix cherry pick error

- Issue 4229 - Fix Rust linking

- Issue 4658 - monitor - connection start date is incorrect

- Issue 2621 - lib389 - backport ds_supports_new_changelog()

- Issue 4656 - Make replication CLI backwards compatible with role name change

- Issue 4656 - Remove problematic language from UI/CLI/lib389

- Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down

- Issue 4663 - CLI - unable to add objectclass/attribute without x-origin

Bump version to 1.4.3.21:

- Issue 4169 - UI - updates on the tuning page are not reflected in the UI

- Issue 4588 - BUG - unable to compile without xcrypt (#4589)

- Issue 4513 - Fix replication CI test failures (#4557)

- Issue 4646 - CLI/UI - revise DNA plugin management

- Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)

- Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)

- Issue 4615 - log message when psearch first exceeds max threads per conn

Bump version to 1.4.3.20:

- Issue 4324 - Some architectures the cache line size file does not exist

- Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected 389-ds packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1185356

https://github.com/389ds/389-ds-base/issues/2736

Plugin Details

Severity: Medium

ID: 150754

File Name: openSUSE-2021-868.nasl

Version: 1.3

Type: local

Agent: unix

Published: 6/14/2021

Updated: 12/13/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2021-3514

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:389-ds, p-cpe:/a:novell:opensuse:389-ds-debuginfo, p-cpe:/a:novell:opensuse:389-ds-debugsource, p-cpe:/a:novell:opensuse:389-ds-devel, p-cpe:/a:novell:opensuse:389-ds-snmp, p-cpe:/a:novell:opensuse:389-ds-snmp-debuginfo, p-cpe:/a:novell:opensuse:lib389, p-cpe:/a:novell:opensuse:libsvrcore0, p-cpe:/a:novell:opensuse:libsvrcore0-debuginfo, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2021

Vulnerability Publication Date: 5/28/2021

Reference Information

CVE: CVE-2021-3514