{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for 389-ds","title":"Title of the patch"},{"category":"description","text":"This update for 389-ds fixes the following issues:\n\n- CVE-2021-3514: Fixed a sync_repl NULL pointer dereference in sync_create_state_control() (bsc#1185356)\n\n389-ds was updated to version 1.4.3.23~git0.f53d0132b:\n\nBump version to 1.4.3.23:\n\n* Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)\n* Issue 4759 - Fix coverity issue (#4760)\n* Issue 4656 - Fix cherry pick error around replication enabling\n* Issue 4701 - RFE - Exclude attributes from retro changelog (#4723) (#4746)\n* Issue 4742 - UI - should always use LDAPI path when calling CLI\n* Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)\n* Issue 4711 - SIGSEV with sync_repl (#4738)\n* Issue 4649 - fix testcase importing ContentSyncPlugin\n* Issue 2736 - Warnings from automatic shebang munging macro\n* Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736\n* Issue 4706 - negative wtime in access log for CMP operations\n\nBump version to 1.4.3.22:\n\n* Issue 4671 - UI - Fix browser crashes\n* lib389 - Add ContentSyncPlugin class\n* Issue 4656 - lib389 - fix cherry pick error\n* Issue 4229 - Fix Rust linking\n* Issue 4658 - monitor - connection start date is incorrect\n* Issue 2621 - lib389 - backport ds_supports_new_changelog()\n* Issue 4656 - Make replication CLI backwards compatible with role name change\n* Issue 4656 - Remove problematic language from UI/CLI/lib389\n* Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down\n* Issue 4663 - CLI - unable to add objectclass/attribute without x-origin\n\nBump version to 1.4.3.21:\n\n* Issue 4169 - UI - updates on the tuning page are not reflected in the UI\n* Issue 4588 - BUG - unable to compile without xcrypt (#4589)\n* Issue 4513 - Fix replication CI test failures (#4557)\n* Issue 4646 - CLI/UI - revise DNA plugin management\n* Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)\n* Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)\n* Issue 4615 - log message when psearch first exceeds max threads per conn\n\nBump version to 1.4.3.20:\n\n* Issue 4324 - Some architectures the cache line size file does not exist\n* Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.","title":"Description of the patch"},{"category":"details","text":"openSUSE-2021-868","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0868-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2021:0868-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DGKRCMKIKM4Z423PIZY3DK2A4ZMBRUNT/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2021:0868-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DGKRCMKIKM4Z423PIZY3DK2A4ZMBRUNT/"},{"category":"self","summary":"SUSE Bug 1185356","url":"https://bugzilla.suse.com/1185356"},{"category":"self","summary":"SUSE CVE CVE-2021-3514 page","url":"https://www.suse.com/security/cve/CVE-2021-3514/"}],"title":"Security update for 389-ds","tracking":{"current_release_date":"2021-06-11T14:06:53Z","generator":{"date":"2021-06-11T14:06:53Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2021:0868-1","initial_release_date":"2021-06-11T14:06:53Z","revision_history":[{"date":"2021-06-11T14:06:53Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product":{"name":"389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product_id":"389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"}},{"category":"product_version","name":"389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product":{"name":"389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product_id":"389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"}},{"category":"product_version","name":"389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product":{"name":"389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product_id":"389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"}},{"category":"product_version","name":"lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product":{"name":"lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product_id":"lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"}},{"category":"product_version","name":"libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product":{"name":"libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","product_id":"libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"},"product_reference":"389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"},"product_reference":"389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"},"product_reference":"389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"},"product_reference":"lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"},"product_reference":"libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"}]},"vulnerabilities":[{"cve":"CVE-2021-3514","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-3514"}],"notes":[{"category":"general","text":"When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-3514","url":"https://www.suse.com/security/cve/CVE-2021-3514"},{"category":"external","summary":"SUSE Bug 1185356 for CVE-2021-3514","url":"https://bugzilla.suse.com/1185356"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:389-ds-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:389-ds-devel-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:389-ds-snmp-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:lib389-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64","openSUSE Leap 15.2:libsvrcore0-1.4.3.23~git0.f53d0132b-lp152.2.15.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-06-11T14:06:53Z","details":"moderate"}],"title":"CVE-2021-3514"}]}