Information on source package 389-ds-base

Available versions

ReleaseVersion
jessie1.3.3.5-4+deb8u7
stretch1.3.5.17-2
buster1.4.0.21-1+deb10u1
bullseye1.4.4.11-2
bookworm2.3.1+dfsg1-1
sid3.1.1+dfsg1-2

Open issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2024-8445vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableThe fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all ...
CVE-2024-6237vulnerablevulnerablevulnerablevulnerable (no DSA, postponed)vulnerable (no DSA)fixedA flaw was found in the 389 Directory Server. This flaw allows an unau ...
CVE-2024-5953vulnerablevulnerablevulnerablevulnerablevulnerablefixedA denial of service vulnerability was found in the 389-ds-base LDAP se ...
CVE-2024-3657vulnerablevulnerablevulnerablevulnerablevulnerablefixedA flaw was found in 389-ds-base. A specially-crafted LDAP query can po ...
CVE-2024-2199vulnerablevulnerablevulnerablevulnerablevulnerable (no DSA)fixedA denial of service vulnerability was found in 389-ds-base ldap server ...
CVE-2024-1062vulnerablevulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedA heap overflow flaw was found in 389-ds-base. This issue leads to a d ...
CVE-2023-1055vulnerablevulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedA flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP t ...
CVE-2022-2850vulnerablevulnerablefixedvulnerable (no DSA)fixedfixedA flaw was found In 389-ds-base. When the Content Synchronization plug ...
CVE-2022-1949vulnerablevulnerablevulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedAn access control bypass vulnerability found in 389-ds-base. That mish ...
CVE-2022-0996vulnerablevulnerablefixedvulnerable (no DSA)fixedfixedA vulnerability was found in the 389 Directory Server that allows expi ...
CVE-2022-0918vulnerablevulnerablefixedvulnerable (no DSA)fixedfixedA vulnerability was discovered in the 389 Directory Server that allows ...
CVE-2021-4091vulnerablefixedfixedvulnerable (no DSA)fixedfixedA double-free was found in the way 389-ds-base handles virtual attribu ...
CVE-2021-3652vulnerablevulnerable (no DSA)fixedvulnerable (no DSA)fixedfixedA flaw was found in 389-ds-base. If an asterisk is imported as passwor ...
CVE-2021-3514vulnerablevulnerable (no DSA)fixedfixedfixedfixedWhen using a sync_repl client in 389-ds-base, an authenticated attacke ...
CVE-2020-35518vulnerablefixedfixedfixedfixedfixedWhen binding against a DN during authentication, the reply from 389-ds ...
CVE-2019-14824fixedvulnerable (no DSA)fixedfixedfixedfixedA flaw was found in the 'deref' plugin of 389-ds-base where it could u ...
CVE-2019-3883fixedvulnerable (no DSA)fixedfixedfixedfixedIn 389-ds-base up to version 1.4.1.2, requests are handled by workers ...
CVE-2018-14648fixedvulnerable (no DSA)fixedfixedfixedfixedA flaw was found in 389 Directory Server. A specially crafted search q ...
CVE-2018-14638fixedvulnerable (no DSA)fixedfixedfixedfixedA flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...
CVE-2018-14624fixedvulnerable (no DSA)fixedfixedfixedfixedA vulnerability was discovered in 389-ds-base through versions 1.3.7.1 ...
CVE-2018-10935fixedvulnerable (no DSA)fixedfixedfixedfixedA flaw was found in the 389 Directory Server that allows users to caus ...
CVE-2018-10871fixedvulnerable (no DSA)fixedfixedfixedfixed389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Clear ...
CVE-2018-10850fixedvulnerable (no DSA)fixedfixedfixedfixed389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race ...
CVE-2018-1089fixedvulnerable (no DSA)fixedfixedfixedfixed389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properl ...
CVE-2018-1054fixedvulnerable (no DSA)fixedfixedfixedfixedAn out-of-bounds memory read flaw was found in the way 389-ds-base han ...
CVE-2017-15134fixedvulnerable (no DSA)fixedfixedfixedfixedA stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...
CVE-2017-7551fixedvulnerable (no DSA)fixedfixedfixedfixed389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to pass ...
CVE-2016-5405vulnerable (no DSA)fixedfixedfixedfixedfixed389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...
CVE-2016-4992vulnerable (no DSA)fixedfixedfixedfixedfixed389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2016-5416vulnerablevulnerablevulnerablevulnerablevulnerablevulnerable389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...

Resolved issues

BugDescription
CVE-2019-10224A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. ...
CVE-2019-10171It was found that the fix for CVE-2018-14648 in 389-ds-base, versions ...
CVE-2017-15135It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0. ...
CVE-2017-2668389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an ...
CVE-2017-2591389-ds-base before version 1.3.6 is vulnerable to an improperly NULL t ...
CVE-2016-0741slapd/connection.c in 389 Directory Server (formerly Fedora Directory ...
CVE-2015-3230389 Directory Server (formerly Fedora Directory Server) before 1.3.3.1 ...
CVE-2015-1854389 Directory Server before 1.3.3.10 allows attackers to bypass intend ...
CVE-2014-8112389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x bef ...
CVE-2014-8105389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does n ...
CVE-2014-3562Red Hat Directory Server 8 and 389 Directory Server, when debugging is ...
CVE-2014-0132The SASL authentication functionality in 389 Directory Server before 1 ...
CVE-2013-4485389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8. ...
CVE-2013-4283ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attacker ...
CVE-2013-2219The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...
CVE-2013-1897The do_search function in ldap/servers/slapd/search.c in 389 Directory ...
CVE-2013-0336The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ ...
CVE-2013-0312389 Directory Server before 1.3.0.4 allows remote attackers to cause a ...
CVE-2012-4450389 Directory Server 1.2.10 does not properly update the ACL when a DN ...
CVE-2012-2746389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server bef ...
CVE-2012-2678389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server bef ...
CVE-2012-0833The acllas__handle_group_entry function in servers/plugins/acl/acllas. ...

Security announcements

DSA / DLADescription
DLA-3399-1389-ds-base - security update
DLA-2004-1389-ds-base - security update
DLA-1779-1389-ds-base - security update
DLA-1554-2389-ds-base - regression update
DLA-1554-1389-ds-base - security update
DLA-1526-1389-ds-base - security update
DLA-1483-1389-ds-base - security update
DLA-1428-1389-ds-base - security update

Search for package or bug name: Reporting problems