
Security vulnerability in the 389 Directory Server software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-21875
2013-11-23 09:03:05
--------------------------------------------------------------------------------

Name : 389-ds-base
Product : Fedora 18
Version : 1.3.0.9
Release : 1.fc18
URL : http://port389.org/
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

Each release has bug fixes in addition to the CVE fix
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 21 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.0.9-1
- Ticket #47605 CVE-2013-4485: DoS due to improper handling of ger attr searches
- Ticket #47596 attrcrypt fails to find unlocked key
- Ticket #47585 Replication Failures related to skipped entries due to cleaned rids
- Ticket 47577 - crash when removing entries from cache
- ad64367 Coverity Fixes
- Ticket 47329 - Improve slapi_back_transaction_begin() return code when transactions are not available
- Ticket #47550 logconv: failed logins: Use of uninitialized value in numeric comparison at logconv.pl line 949
- Ticket #47551 logconv: -V does not produce unindexed search report
- Ticket 47517 - fix memory leaks in ldaputil.c and ldbm_delete.c
- Ticket #422 - 389-ds-base - Can't call method "getText"
- aa19f9a Coverity fixes - 12023, 12024, and 12025
- Ticket 47533 logconv: some stats do not work across server restarts
- Ticket #47501 logconv.pl uses /var/tmp for BDB temp files
- Ticket 47520 - Fix various issues with logconv.pl
- Ticket #47387 - improve logconv.pl performance with large access logs
- Ticket 47354 - Indexed searches are logged with 'notes=U' in the access logs
- Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated
- Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D
- Ticket #47348 - add etimes to per second/minute stats
- Ticket #47341 - logconv.pl -m time calculation is wrong
- Ticket #47336 - logconv.pl -m not working for all stats
- Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND
- Ticket 419 - logconv.pl - improve memory management
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 539 - logconv.pl should handle microsecond timing
- Ticket #47504 idlistscanlimit per index/type/value
- Ticket #47516 replication stops with excessive clock skew
* Wed Aug 28 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.8-1
- bump version to 1.3.0.8
- Bug 1002215 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN
* Wed Jul 31 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.7-1
- bump version to 1.3.0.7
- fix coverity 11895 - null deref - caused by fix to ticket 47392
- fix compiler warning in posix winsync code for posix_group_del_memberuid_callback (cherry picked from commit f440e039a5f2a7b2ea0dd087d8e91c554abc1be0)
- Fix compiler warnings for Ticket 47395 and 47397
- fix compiler warning (cherry picked from commit 904416f4631d842a105851b4a9931ae17822a107) (cherry picked from commit 3a5f8de21fba3656670b8ee35e020f159d4110db)
- Ticket 543 - Sorting with attributes in ldapsearch gives incorrect result
- Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios
- Ticket 47449 - deadlock after adding and deleting entries
- Ticket 47421 - memory leaks in set_krb5_creds
- Ticket 47441 - Disk Monitoring not checking filesystem with logs
- Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative.
- Ticket 47424 - Replication problem with add-delete requests on single-valued attributes
- Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47399 - RHDS denies MODRDN access if ACI list contains any DENY rule
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15
- Ticket 47392 - ldbm errors when adding/modifying/deleting entries
- Ticket 47385 - Disk Monitoring is not triggered as expected.
- Ticket 47410 - changelog db deadlocks with DNA and replication
- Ticket 47419 - Unhashed userpassword can accidentally get removed from mods
- Ticket 47409 - allow setting db deadlock rejection policy
- Ticket 47393 - Attributes are not encrypted on a consumer after a full initialization
- Ticket 47395 47397 v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured
- Ticket 47396 - crash on modrdn of tombstone
- Ticket 47402 - Attribute names are incorrect in search results
- Ticket 47400 - MMR stress test with dna enabled causes a deadlock
- Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix)
- Ticket 47391 - deleting and adding userpassword fails to update the password
- Coverity Fixes (Part 7)
- Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3)
- Ticket 47375 - flush_ber error sending back start_tls response will deadlock
- Ticket 47377 - make listen backlog size configurable
- Ticket 47383 - connections attribute in cn=snmp,cn=monitor is counted twice
- Ticket 47385 - DS not shutting down when disk monitoring threshold is reached
- Ticket 47378 - fix recent compiler warnings
- Coverity Fixes (Part 5)
- Coverity Fixes (Part 4)
- Coverity Fixes (Part 3)
- Coverity Fixes (Part 2)
- Coverity Fixes (Part 1)
- Ticket 580 - Wrong error code returned when using EXTERNAL SASL and no client certificate
- Ticket 47349 - DS instance crashes under a high load
- Ticket 47359 - new ldap connections can block ldaps and ldapi connections
- Ticket 47327 - error syncing group if group member user is not synced
- Ticket 47362 - ipa upgrade selinuxusermap data not replicating
- Revert "Ticket 47355 - dse.ldif doesn't replicate update to nsslapd-sasl-mapping-fallback"
- Revert "Ticket 511 - Revision - allow turning off vattr lookup in search entry return"
- Ticket 511 - Revision - allow turning off vattr lookup in search entry return
- Ticket 47355 - dse.ldif doesn't replicate update to nsslapd-sasl-mapping-fallback
- Ticket 47347 - Simple paged results should support async search
* Wed Apr 10 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.6-1
- bump version to 1.3.0.6
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion
- Coverity fix 13139 - Dereference after NULL check in slapi_attr_value_normalize_ext()
- Ticket 47318 - server fails to start after upgrade (schema error)
* Thu Mar 28 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.5-1
- bump version to 1.3.0.5
- Ticket 47308 - unintended information exposure when anonymous access is set to rootdse
- Ticket 628 - crash in aci evaluation
- Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so
- Ticket 634 - Deadlock in DNA plug-in
- Ticket #576 - DNA: use event queue for config update only at the start up
- Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion
* Mon Mar 11 2013 Mark Reynolds <mreynolds@redhat.com> - 1.3.0.4-1
- e53d691 bump version to 1.3.0.4
- Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
- Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled)
- Ticket 490 - Slow role performance when using a lot of roles
- Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry
* Wed Feb 13 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.3-1
- bump version to 1.3.0.3
- Ticket #584 - Existence of an entry is not checked when its password is to be deleted
- Ticket 562 - Crash when deleting suffix
* Wed Jan 16 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.2-1
- bump version to 1.3.0.2
- Ticket #542 - Cannot dynamically set nsslapd-maxbersize
* Wed Jan 16 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.1-1
- bump version to 1.3.0.1
- Ticket 556 - Don't overwrite certmap.conf during upgrade
* Tue Jan 8 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.0-1
- bump version to 1.3.0.0
* Tue Jan 8 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.3.rc3
- bump version to 1.3.0.rc3
- Ticket 549 - DNA plugin no longer reports additional info when range is depleted
- Ticket 541 - need to set plugin as off in ldif template
- Ticket 541 - RootDN Access Control plugin is missing after upgrade
* Fri Dec 14 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.2.rc2
- bump version to 1.3.0.rc2
- Trac Ticket #497 - Escaped character cannot be used in the substring search filter
- Ticket 509 - lock-free access to be->be_suffixlock
- Trac Ticket #522 - betxn: upgrade is not implemented yet
* Tue Dec 11 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.1.rc1
- bump version to 1.3.0.rc1
- Ticket #322 - Create DOAP description for the 389 Directory Server project
- Trac Ticket #499 - Handling URP results is not correct
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 456 - improve entry cache sizing
- Trac Ticket #531 - loading an entry from the database should use str2entry_f
- Trac Ticket #536 - Clean up compiler warnings for 1.3
- Trac Ticket #531 - loading an entry from the database should use str2entry_fast
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 527 - ns-slapd segfaults if it cannot rename the logs
- Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't
- Ticket 216 - disable replication agreements
- Ticket 518 - dse.ldif is 0 length after server kill or machine kill
- Ticket 393 - Change in winSyncInterval does not take immediate effect
- Ticket 20 - Allow automember to work on entries that have already been added
- Coverity Fixes
- Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5
- Ticket 337 - improve CLEANRUV functionality
- Fix for ticket 504
- Ticket 394 - modify-delete userpassword
- minor fixes for bdb 4.2/4.3 and mozldap
- Trac Ticket #276 - Multiple threads simultaneously working on connection's private buffer causes ns-slapd to abort
- Fix for ticket 465: cn=monitor showing stats for other db instances
- Ticket 507 - use mutex for FrontendConfig lock instead of rwlock
- Fix for ticket 510 Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type
- Coverity defect: Resource leak 13110
- Ticket 517 - crash in DNA if no dnaMagicRegen is specified
- Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry
- Trac Ticket #519 - Search with a complex filter including range search is slow
- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fail to sync from AD to DS with missing attribute error
- Trac Ticket #311 - IP lookup failing with multiple DNS entries
- Trac Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
- Trac Ticket #443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
- Ticket #503 - Improve AD version in winsync log message
- Trac Ticket #190 - Un-resolvable server in replication agreement produces unclear error message
- Coverity fixes
- Trac Ticket #391 - Slapd crashes when deleting backends while operations are still in progress
- Trac Ticket #448 - Possible to set invalid macros in Macro ACIs
- Trac Ticket #498 - Cannot abandon simple paged result search
- Coverity defects
- Trac Ticket #494 - slapd entered an infinite loop during new index addition
- Fixing compiler warnings in the posix-winsync plugin
- Coverity defects
- Ticket 147 - Internal Password Policy usage very inefficient
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Revert "Ticket 495 - internalModifiersname not updated by DNA plugin"
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h])
- Ticket 486 - nsslapd-enablePlugin should not be multivalued
- Ticket 488 - Doc: DS error log messages with typo
- Trac Ticket #451 - Allow db2ldif to be quiet
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes
- Ticket #481 - expand nested posix groups
- Trac Ticket #455 - Insufficient rights to unhashed#user#password when user deletes his password
- Ticket #446 - anonymous limits are being applied to directory manager
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1024552 - CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches
https://bugzilla.redhat.com/show_bug.cgi?id=1024552
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update 389-ds-base' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
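
The following shell script is an added example and is not part of the Fedora notification or of the 389 Directory Server project. It reads the installed 389-ds-base version and release from the RPM database when rpm is available (otherwise it falls back to a constructed sample value so that it still runs on a non-RPM host), compares them field by field against the fixed build 1.3.0.9-1.fc18 named above, and tells the operator whether the CVE-2013-4485 fix is still missing. The helper names vercmp and needs_update, the simplified ordering (non-numeric fields such as fc18 or rc3 count as zero) and the fallback sample value are assumptions of this example; rpmdev-vercmp from rpmdevtools gives the exact RPM ordering if you need it.

```shell
#!/bin/sh
# Added example, not from the Fedora notification or the 389 project.
# Reports whether the installed 389-ds-base predates the build that carries
# the CVE-2013-4485 fix (1.3.0.9-1.fc18 in the notification above).

FIXED_VERSION="1.3.0.9"
FIXED_RELEASE="1.fc18"

# vercmp A B: compare two dotted version strings field by field.
# Each field is reduced to its leading digits, so "fc18" and "rc3" count as 0
# (simplification, not RPM's exact ordering); a missing field also counts as
# 0, so "1.3" equals "1.3.0". Prints -1, 0 or 1.
vercmp() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; a="${a#*.}"
    bi="${b%%.*}"; b="${b#*.}"
    ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # keep only the leading digits
    ai="${ai:-0}"; bi="${bi:-0}"
    if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
    if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
  done
  printf '%s\n' 0
}

# needs_update VERSION RELEASE: exit 0 (true) when VERSION-RELEASE is older
# than FIXED_VERSION-FIXED_RELEASE, i.e. the host still lacks the fix.
needs_update() {
  c=$(vercmp "$1" "$FIXED_VERSION")
  if [ "$c" -lt 0 ]; then return 0; fi
  if [ "$c" -gt 0 ]; then return 1; fi
  [ "$(vercmp "$2" "$FIXED_RELEASE")" -lt 0 ]
}

# Take the installed version and release from the RPM database when rpm is
# available; otherwise use a constructed sample (the previous Fedora 18 build
# from the changelog) so the script still runs elsewhere.
installed=$(rpm -q --qf '%{VERSION} %{RELEASE}' 389-ds-base 2>/dev/null) \
  || installed="1.3.0.8 1.fc18"   # constructed sample value
set -- $installed

if needs_update "$1" "$2"; then
  echo "389-ds-base $1-$2 predates $FIXED_VERSION-$FIXED_RELEASE: run su -c 'yum update 389-ds-base' (CVE-2013-4485)"
else
  echo "389-ds-base $1-$2 is at or beyond the fixed build"
fi

# If you install a downloaded package by hand instead of through yum, check
# its digests and Fedora GPG signature first (file name is whatever you fetched):
#   rpm -K <downloaded 389-ds-base rpm>
```

Run it on the Fedora 18 host before and after the yum update; the second run should report the fixed build. yum verifies package signatures against the imported Fedora key on its own, so the rpm -K step only matters for packages fetched outside yum.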
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Author: Marko Stanec
CERT ID: NCERT-REF-2014-01-0019-ADV