Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
CVE-2024-8445.patch | Security fix for CVE-2024-8445. Description: The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, this issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. References: - https://access.redhat.com/security/cve/CVE-2024-8445 - https://nvd.nist.gov/vuln/detail/cve-2024-8445 - https://bugzilla.redhat.com/show_bug.cgi?id=2310110 - https://nvd.nist.gov/vuln/detail/CVE-2024-2199 - https://access.redhat.com/security/cve/CVE-2024-2199 - https://bugzilla.redhat.com/show_bug.cgi?id=2267976 | Pierre Rogier <progier@redhat.com> | no | | | 2024-09-23 |
CVE-2024-5953.patch | Security fix for CVE-2024-5953. Description: A denial of service vulnerability was found in the 389 Directory Server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Fix Description: To prevent buffer overflow when a bind request is processed, the bind fails if the hash size is not coherent without even attempting to process further the hashed password. References: - https://nvd.nist.gov/vuln/detail/CVE-2024-5953 - https://access.redhat.com/security/cve/CVE-2024-5953 - https://bugzilla.redhat.com/show_bug.cgi?id=2292104 | Pierre Rogier <progier@redhat.com> | no | | | 2024-06-14 |
fix-saslpath.diff | | | no | | | |
5610-fix-linking.diff | [PATCH] Issue #5610 - Build failure on Debian. Bug Description: On Debian libslapd.so is not getting linked with libcrypto.so, which results in `undefined reference` link errors. Fix Description: Move -lssl and -lcrypto for libslapd.so from LDFLAGS to LIBADD. Reviewed by: ??? | Viktor Ashirov <vashirov@redhat.com> | no | | | 2023-01-20 |
dont-run-rpm.diff | | | no | | | |
use-packaged-rust-registry.diff | | | no | | | |
allow-newer-crates.diff | | | no | | | |
CVE-2024-2199.patch | Security fix for CVE-2024-2199. Description: A denial of service vulnerability was found in the 389 Directory Server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. Fix Description: When doing a mod on userPassword we reset the pblock modifier after we set the modified timestamp, ensuring the pblock data stays valid. References: - https://nvd.nist.gov/vuln/detail/CVE-2024-2199 - https://access.redhat.com/security/cve/CVE-2024-2199 - https://bugzilla.redhat.com/show_bug.cgi?id=2267976 | James Chapman <jachapma@redhat.com> | no | | | 2024-05-01 |
CVE-2024-3657.patch | Security fix for CVE-2024-3657. Description: A flaw was found in the 389 Directory Server. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service. Fix Description: The code was modified to avoid a buffer overflow when logging some requests in the audit log. References: - https://nvd.nist.gov/vuln/detail/CVE-2024-3657 - https://access.redhat.com/security/cve/CVE-2024-3657 - https://bugzilla.redhat.com/show_bug.cgi?id=2274401 | Pierre Rogier <progier@redhat.com> | no | | | 2024-04-17 |