Security update for 389-ds SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1906-1 Final 1 1 2024-06-03T15:25:18Z current 2024-06-03T15:25:18Z 2024-06-03T15:25:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for 389-ds This update for 389-ds fixes the following issues: - Update to version 2.2.8~git65.347aae6: - CVE-2024-1062: Resolved possible denial of service when audit logging is enabled. (bsc#1219836) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/389-ds:latest-2024-1906,SUSE-2024-1906,SUSE-SLE-Module-Server-Applications-15-SP6-2024-1906,openSUSE-SLE-15.6-2024-1906 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241906-1/ Link for SUSE-SU-2024:1906-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035467.html E-Mail link for SUSE-SU-2024:1906-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1219836 SUSE Bug 1219836 https://www.suse.com/security/cve/CVE-2024-1062/ SUSE CVE CVE-2024-1062 page Container suse/389-ds:latest SUSE Linux Enterprise Module for Server Applications 15 SP6 openSUSE Leap 15.6 389-ds-2.2.8~git65.347aae6-150600.8.3.1 lib389-2.2.8~git65.347aae6-150600.8.3.1 libsvrcore0-2.2.8~git65.347aae6-150600.8.3.1 389-ds-devel-2.2.8~git65.347aae6-150600.8.3.1 389-ds-snmp-2.2.8~git65.347aae6-150600.8.3.1 389-ds-2.2.8~git65.347aae6-150600.8.3.1 as a component of Container suse/389-ds:latest lib389-2.2.8~git65.347aae6-150600.8.3.1 as a component of Container suse/389-ds:latest libsvrcore0-2.2.8~git65.347aae6-150600.8.3.1 as a component of Container suse/389-ds:latest 389-ds-2.2.8~git65.347aae6-150600.8.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 389-ds-devel-2.2.8~git65.347aae6-150600.8.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 lib389-2.2.8~git65.347aae6-150600.8.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 libsvrcore0-2.2.8~git65.347aae6-150600.8.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 389-ds-2.2.8~git65.347aae6-150600.8.3.1 as a component of openSUSE Leap 15.6 389-ds-devel-2.2.8~git65.347aae6-150600.8.3.1 as a component of openSUSE Leap 15.6 389-ds-snmp-2.2.8~git65.347aae6-150600.8.3.1 as a component of openSUSE Leap 15.6 lib389-2.2.8~git65.347aae6-150600.8.3.1 as a component of openSUSE Leap 15.6 libsvrcore0-2.2.8~git65.347aae6-150600.8.3.1 as a component of openSUSE Leap 15.6 A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. CVE-2024-1062 Container suse/389-ds:latest:389-ds-2.2.8~git65.347aae6-150600.8.3.1 Container suse/389-ds:latest:lib389-2.2.8~git65.347aae6-150600.8.3.1 Container suse/389-ds:latest:libsvrcore0-2.2.8~git65.347aae6-150600.8.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:389-ds-2.2.8~git65.347aae6-150600.8.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:389-ds-devel-2.2.8~git65.347aae6-150600.8.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:lib389-2.2.8~git65.347aae6-150600.8.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:libsvrcore0-2.2.8~git65.347aae6-150600.8.3.1 openSUSE Leap 15.6:389-ds-2.2.8~git65.347aae6-150600.8.3.1 openSUSE Leap 15.6:389-ds-devel-2.2.8~git65.347aae6-150600.8.3.1 openSUSE Leap 15.6:389-ds-snmp-2.2.8~git65.347aae6-150600.8.3.1 openSUSE Leap 15.6:lib389-2.2.8~git65.347aae6-150600.8.3.1 openSUSE Leap 15.6:libsvrcore0-2.2.8~git65.347aae6-150600.8.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241906-1/ https://www.suse.com/security/cve/CVE-2024-1062.html CVE-2024-1062 https://bugzilla.suse.com/1219836 SUSE Bug 1219836