
Bug 771135 (CVE-2020-35518)

Summary: <net-nds/389-ds-base-1.4.4.13: information disclosure during the binding of a DN (CVE-2020-35518)
Product: Gentoo Security
Reporter: Robert Förster <Dessa>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: chris, proxy-maint
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/19505
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Robert Förster 2021-02-17 18:52:09 UTC
RHBZ 1905565 - CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN

Target version also includes a non CVE'd information disclosure fix:

RHBZ 1909675 - RHDS11: “write” permission of ACI changes ns-slapd’s behavior on search operation
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-17 18:59:32 UTC
Thank you for the report! Though please note we only set a version restriction in the summary once a fixed version is actually in tree.

Red Hat advisory: https://access.redhat.com/errata/RHSA-2021:0599
Comment 2 Larry the Git Cow gentoo-dev 2021-02-22 15:03:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=621368e61de5f83f5dae1b57b4ff006a6693b986

commit 621368e61de5f83f5dae1b57b4ff006a6693b986
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2021-02-17 16:38:46 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-22 15:03:29 +0000

    net-nds/389-ds-base: remove vulnerable
    
    Bug: https://bugs.gentoo.org/771135
    
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Closes: https://github.com/gentoo/gentoo/pull/19505
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-nds/389-ds-base/389-ds-base-1.4.4.9.ebuild | 275 -------------------------
 net-nds/389-ds-base/Manifest                   |  37 ----
 2 files changed, 312 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f50467b8b65e752dd92ab170955e9cdc021b4f58

commit f50467b8b65e752dd92ab170955e9cdc021b4f58
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2021-02-17 16:37:43 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-22 15:03:29 +0000

    net-nds/389-ds-base: bump to 1.4.4.13 with fix for CVE-2020-35518
    
    Bug: https://bugs.gentoo.org/771135
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-nds/389-ds-base/389-ds-base-1.4.4.13.ebuild    | 304 +++++++++++++++++++++
 net-nds/389-ds-base/Manifest                       |  65 +++++
 .../files/389-ds-base-1.4.4.13-libxcrypt.patch     |  66 +++++
 3 files changed, 435 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-23 00:58:33 UTC
Thank you! All done.