[SECURITY] Fedora 18 Update: 389-ds-base-1.3.0.5-1.fc18

updates at fedoraproject.org
Wed Apr 3 04:32:01 UTC 2013


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-4578
2013-03-30 21:02:02
--------------------------------------------------------------------------------

Name        : 389-ds-base
Product     : Fedora 18
Version     : 1.3.0.5
Release     : 1.fc18
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

This release fixes 7 critical bugs including one security bug.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 28 2013 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0.5-1
- bump version to 1.3.0.5
- Ticket 47308 - unintended information exposure when anonymous access is set to rootdse
- Ticket 628 - crash in aci evaluation
- Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so
- Ticket 634 - Deadlock in DNA plug-in
- Ticket #576 - DNA: use event queue for config update only at the start up
- Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion
* Mon Mar 11 2013 Mark Reynolds <mreynolds at redhat.com> - 1.3.0.4-1
e53d691 bump version to 1.3.0.4
Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled)
Ticket 490 - Slow role performance when using a lot of roles
Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry
* Wed Feb 13 2013 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0.3-1
- bump version to 1.3.0.3
- Ticket #584 - Existence of an entry is not checked when its password is to be deleted
- Ticket 562 - Crash when deleting suffix
* Wed Jan 16 2013 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0.2-1
- bump version to 1.3.0.2
- Ticket #542 - Cannot dynamically set nsslapd-maxbersize
* Wed Jan 16 2013 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0.1-1
- bump version to 1.3.0.1
- Ticket 556 - Don't overwrite certmap.conf during upgrade
* Tue Jan  8 2013 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0.0-1
- bump version to 1.3.0.0
* Tue Jan  8 2013 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0-0.3.rc3
- bump version to 1.3.0.rc3
- Ticket 549 - DNA plugin no longer reports additional info when range is depleted
- Ticket 541 - need to set plugin as off in ldif template
- Ticket 541 - RootDN Access Control plugin is missing after upgrade
* Fri Dec 14 2012 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0-0.2.rc2
- bump version to 1.3.0.rc2
- Trac Ticket #497 - Escaped character cannot be used in the substring search filter
- Ticket 509 - lock-free access to be->be_suffixlock
- Trac Ticket #522 - betxn: upgrade is not implemented yet
* Tue Dec 11 2012 Noriko Hosoi <nhosoi at redhat.com> - 1.3.0-0.1.rc1
- bump version to 1.3.0.rc1
- Ticket #322 - Create DOAP description for the 389 Directory Server project
- Trac Ticket #499 - Handling URP results is not correct
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 456 - improve entry cache sizing
- Trac Ticket #531 - loading an entry from the database should use str2entry_f
- Trac Ticket #536 - Clean up compiler warnings for 1.3
- Trac Ticket #531 - loading an entry from the database should use str2entry_fast
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 527 - ns-slapd segfaults if it cannot rename the logs
- Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't
- Ticket 216 - disable replication agreements
- Ticket 518 - dse.ldif is 0 length after server kill or machine kill
- Ticket 393 - Change in winSyncInterval does not take immediate effect
- Ticket 20 - Allow automember to work on entries that have already been added
- Coverity Fixes
- Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5
- Ticket 337 - improve CLEANRUV functionality
- Fix for ticket 504
- Ticket 394 - modify-delete userpassword
- minor fixes for bdb 4.2/4.3 and mozldap
- Trac Ticket #276 - Multiple threads simultaneously working on connection's private buffer causes ns-slapd to abort
- Fix for ticket 465: cn=monitor showing stats for other db instances
- Ticket 507 - use mutex for FrontendConfig lock instead of rwlock
- Fix for ticket 510 Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type
- Coverity defect: Resource leak 13110
- Ticket 517 - crash in DNA if no dnaMagicRegen is specified
- Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry
- Trac Ticket #519 - Search with a complex filter including range search is slow
- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error
- Trac Ticket #311 - IP lookup failing with multiple DNS entries
- Trac Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
- Trac Ticket #443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
- Ticket #503 - Improve AD version in winsync log message
- Trac Ticket #190 - Un-resolvable server in replication agreement produces unclear error message
- Coverity fixes
- Trac Ticket #391 - Slapd crashes when deleting backends while operations are still in progress
- Trac Ticket #448 - Possible to set invalid macros in Macro ACIs
- Trac Ticket #498 - Cannot abandon simple paged result search
- Coverity defects
- Trac Ticket #494 - slapd entered to infinite loop during new index addition
- Fixing compiler warnings in the posix-winsync plugin
- Coverity defects
- Ticket 147 - Internal Password Policy usage very inefficient
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Revert "Ticket 495 - internalModifiersname not updated by DNA plugin"
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h])
- Ticket 486 - nsslapd-enablePlugin should not be multivalued
- Ticket 488 - Doc: DS error log messages with typo
- Trac Ticket #451 - Allow db2ldif to be quiet
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes
- Ticket #481 - expand nested posix groups
- Trac Ticket #455 - Insufficient rights to unhashed#user#password when user deletes his password
- Ticket #446 - anonymous limits are being applied to directory manager
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #928105 - CVE-2013-1897 389-ds: unintended information exposure when rootdse is enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=928105
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update 389-ds-base' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

