ELSA-2024-5192

ULN >
Oracle Linux Errata repository >
ELSA-2024-5192

ELSA-2024-5192 - 389-ds-base security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-08-11

Description

[2.4.5-9]
- Bump version to 2.4.5-9
- Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request
- Resolves: RHEL-40945 - Malformed userPassword hash may cause Denial of Service
- Resolves: RHEL-49457 - perf search result investigation for many large static groups and members
- Resolves: RHEL-49459 - subsuffix are not returned in one level scoped search

Related CVEs

CVE-2024-6237

CVE-2024-5953

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	389-ds-base-2.4.5-9.el9_4.src.rpm	a066b9bc3db0ba06baa0ac9651997ef5	-	ol9_aarch64_appstream
	389-ds-base-2.4.5-9.el9_4.src.rpm	a066b9bc3db0ba06baa0ac9651997ef5	-	ol9_aarch64_codeready_builder
	389-ds-base-2.4.5-9.el9_4.aarch64.rpm	7ffc91b6f736d1d6363ec854a43bdfd6	-	ol9_aarch64_appstream
	389-ds-base-devel-2.4.5-9.el9_4.aarch64.rpm	f72e64daf25135eb8fe724d96cb50bc3	-	ol9_aarch64_codeready_builder
	389-ds-base-libs-2.4.5-9.el9_4.aarch64.rpm	7cc3030efabe73db4c6b8b423a1a9194	-	ol9_aarch64_appstream
	python3-lib389-2.4.5-9.el9_4.noarch.rpm	2e6ee247045bdd9f0f1051028cca0f65	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	389-ds-base-2.4.5-9.el9_4.src.rpm	a066b9bc3db0ba06baa0ac9651997ef5	-	ol9_x86_64_appstream
	389-ds-base-2.4.5-9.el9_4.src.rpm	a066b9bc3db0ba06baa0ac9651997ef5	-	ol9_x86_64_codeready_builder
	389-ds-base-2.4.5-9.el9_4.x86_64.rpm	32fdcb85c2aa27d1e8bb9ceaefe265f2	-	ol9_x86_64_appstream
	389-ds-base-devel-2.4.5-9.el9_4.x86_64.rpm	73296633bc8d4634a25648ded215a344	-	ol9_x86_64_codeready_builder
	389-ds-base-libs-2.4.5-9.el9_4.x86_64.rpm	6cc43173ae5700dbf704763cd87b5ab5	-	ol9_x86_64_appstream
	python3-lib389-2.4.5-9.el9_4.noarch.rpm	2e6ee247045bdd9f0f1051028cca0f65	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691