Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 19 Update: 389-ds-base-1.3.1.7-1.fc19
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Friday 30th August 2013 23:03:14 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-15540
2013-08-29 21:15:13
--------------------------------------------------------------------------------

Name        : 389-ds-base
Product     : Fedora 19
Version     : 1.3.1.7
Release     : 1.fc19
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server.  The base package
includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

In this version, a security bug -- modifying an entry specified by an
invalid DN crashed the server and a Windows Sync bug were fixed; logconv
and setup-ds.pl scripts were enhanced.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 28 2013 Noriko Hosoi  - 1.3.1.7-1
- bump version to 1.3.1.7
- Bug 1002215 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN
- Ticket 47488 - Users from AD sub OU does not sync to IPA
- Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated
- Ticket 47473 - setup-ds.pl doesn't lookup the "root" group correctly
* Thu Aug  1 2013 Noriko Hosoi  - 1.3.1.6-1
- bump version to 1.3.1.6
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- fix coverity 11915 - dead code - introduced with fix for ticket 346
- fix coverity 11895 - null deref - caused by fix to ticket 47392
- fix compiler warning in posix winsync code for
posix_group_del_memberuid_callback
- Fix compiler warnings for Ticket 47395 and 47397
- fix compiler warning (cherry picked from commit
904416f4631d842a105851b4a9931ae17822a107)
- Ticket 47450 - Fix compiler formatting warning errors for 32/64 bit arch
- fix compiler warnings
- Fix compiler warning (cherry picked from commit
ec6ebc0b0f085a82041d993ab2450a3922ef5502)
* Wed Jul 31 2013 Noriko Hosoi  - 1.3.1.5-1
- bump version to 1.3.1.5
- Ticket 47456 - delete present values should append values to deleted
values
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- Ticket 47448 - Segfault in 389-ds-base-1.3.1.4-1.fc19 when setting up
FreeIPA replication
- Ticket 47440 - Fix runtime errors caused by last patch.
- Ticket 47440 - Fix compilation warnings and header files
- Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios
- Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D
- Ticket 47378 - fix recent compiler warnings
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47449 - deadlock after adding and deleting entries
- Ticket 47441 - Disk Monitoring not checking filesystem with logs
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
* Fri Jul 19 2013 Noriko Hosoi  - 1.3.1.4-1
- bump version to 1.3.1.4
- Ticket 47435 - Very large entryusn values after enabling the USN plugin
and the lastusn value is negative.
- Ticket 47424 - Replication problem with add-delete requests on
single-valued attributes
- Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while
trying to remove a leaf entry
- Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while
trying to remove a leaf entry
- Ticket 47421 - memory leaks in set_krb5_creds
- Ticket 346 - version 4 Slow ldapmodify operation time for large
quantities of multi-valued attribute values
- Ticket 47369  version2 - provide default syntax plugin
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47399 - RHDS denies MODRDN access if ACI list contains any DENY
rule
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15
- Ticket 47392 - ldbm errors when adding/modifying/deleting entries
- Ticket 47385 - Disk Monitoring is not triggered as expected.
- Ticket 47410 - changelog db deadlocks with DNA and replication
* Wed Jul  3 2013 Noriko Hosoi  - 1.3.1.3-1
- bump version to 1.3.1.3
- Ticket 47374 - flush.pl is not included in perl5
- Ticket 47391 - deleting and adding userpassword fails to update the
password (additional fix)
- Ticket 47393 - Attribute are not encrypted on a consumer after a full
initialization
- Ticket 47395 47397 - v2 correct behaviour of account policy if only
stateattr is configured or no alternate attr is configured
- Ticket 47396 - crash on modrdn of tombstone
- Ticket 47400 - MMR stress test with dna enabled causes a deadlock
- Ticket 47409 - allow setting db deadlock rejection policy
- Ticket 47419 - Unhashed userpassword can accidentally get removed from
mods
- Ticket 47420 - An upgrade script 80upgradednformat.pl fails to handle a
server instance name incuding '-'
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #999634 - CVE-2013-4283 389-ds-base: ns-slapd crash due to
bogus DN
        https://bugzilla.redhat.com/show_bug.cgi?id=999634
  [ 2 ] Bug #979508 - CVE-2013-2219 Directory Server: ACLs inoperative in
some search scenarios
        https://bugzilla.redhat.com/show_bug.cgi?id=979508
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update 389-ds-base' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms