{"affected":[{"ecosystem_specific":{"binaries":[{"389-ds":"2.2.10~git18.20ce9289-150600.8.10.1","389-ds-devel":"2.2.10~git18.20ce9289-150600.8.10.1","lib389":"2.2.10~git18.20ce9289-150600.8.10.1","libsvrcore0":"2.2.10~git18.20ce9289-150600.8.10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP6","name":"389-ds","purl":"pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.10~git18.20ce9289-150600.8.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"389-ds":"2.2.10~git18.20ce9289-150600.8.10.1","389-ds-devel":"2.2.10~git18.20ce9289-150600.8.10.1","389-ds-snmp":"2.2.10~git18.20ce9289-150600.8.10.1","lib389":"2.2.10~git18.20ce9289-150600.8.10.1","libsvrcore0":"2.2.10~git18.20ce9289-150600.8.10.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"389-ds","purl":"pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.10~git18.20ce9289-150600.8.10.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for 389-ds fixes the following issues:\n\n- Persist extracted key path for ldap_ssl_client_init over repeat invocations (bsc#1230852)\n- Re-enable use of .dsrc basedn for dsidm commands (bsc#1231462)\n- Update to version 2.2.10~git18.20ce9289:\n  * RFE: Use previously extracted key path\n  * Update dsidm to prioritize basedn from .dsrc over interactive input\n  * UI: Instance fails to load when DB backup directory doesn't exist\n  * Improve online import robustness when the server is under load\n  * Ensure all slapi_log_err calls end format strings with newline character \\n\n  * RFE: when memberof is enabled, defer updates of members from the update of the group\n  * Provide more information in the error message during setup_ol_tls_conn()\n  * Wrong set of entries returned for some search filters\n  * Schema lib389 object is not keeping custom schema data upon editing\n  * UI: Fix audit issue with npm - micromatch\n  * Fix long delay when setting replication agreement with dsconf\n  * Changelog trims updates from a given RID even if a consumer has not received any of them\n  * test_password_modify_non_utf8 should set default password storage scheme\n  * Update Cargo.lock\n  * Rearrange includes for 32-bit support logic\n  * Fix fedora cop RawHide builds\n  * Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console\n  * Enabling replication for a sub suffix crashes browser\n  * d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes\n  * Slow ldif2db import on a newly created BDB backend\n  * Audit log buffering doesn't handle large updates\n  * RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members)\n  * passwordHistory is not updated with a pre-hashed password\n  * ns-slapd crash in referint_get_config\n  * Fix the UTC offset print\n  * Fix OpenLDAP version autodetection\n  * RFE: add new operation note for MFA authentications\n  * Add log buffering to audit log\n  * Fix connection timeout error breaking errormap\n  * Improve dsidm CLI No Such Entry handling\n  * Improve connection timeout error logging\n  * Add hidden -v and -j options to each CLI subcommand\n  * Fix various issues with logconv.pl\n  * Fix certificate lifetime displayed as NaN\n  * Enhance Rust and JS bundling and add SPDX licenses for both\n  * Remove audit-ci from dependencies\n  * Fix unused variable warning from previous commit\n  * covscan: fix memory leak in audit log when adding entries\n  * Add a check for tagged commits\n  * dscreate ds-root - accepts relative path\n  * Change replica_id from str to int\n  * Attribute Names changed to lowercase after adding the Attributes\n  * ns-slapd crashes at startup if a backend has no suffix\n  * During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it\n  * Reversion of the entry cache should be limited to BETXN plugin failures\n  * Disable Transparent Huge Pages\n  * Freelist ordering causes high wtime\n  * Security fix for CVE-2024-2199\n- VUL-0: CVE-2024-3657: 389-ds: potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512)\n- VUL-0: CVE-2024-5953: 389-ds: malformed userPassword hashes may cause a denial of service (bsc#1226277)\n- 389ds crash when user does change password using iso-8859-1 encoding (bsc#1228912)\n","id":"SUSE-SU-2024:3844-1","modified":"2024-10-31T08:50:21Z","published":"2024-10-31T08:50:21Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20243844-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1225512"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226277"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228912"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230852"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231462"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-2199"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-3657"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5953"}],"related":["CVE-2024-2199","CVE-2024-3657","CVE-2024-5953"],"summary":"Security update for 389-ds","upstream":["CVE-2024-2199","CVE-2024-3657","CVE-2024-5953"]}