操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2025-1244)

摘要:

three-eight-nine-ds-base security update

安全等级: Medium

公告ID: KylinSec-SA-2025-1244

发布日期: 2025年2月21日

关联CVE: CVE-2024-8445

详细介绍

1. 漏洞描述

389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.

Security Fix(es):

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.(CVE-2024-8445)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2024-8445	KY3.4-5A	three-eight-nine-ds-base	Fixed

3. 影响组件

three-eight-nine-ds-base

4. 修复版本

KY3.4-5A

软件名称	架构	版本号
cockpit-389-ds	noarch	1.4.3.36-8.kb1.ky3_4
python3-lib389	noarch	1.4.3.36-8.kb1.ky3_4
389-ds-base	x86_64	1.4.3.36-8.kb1.ky3_4
389-ds-base-devel	x86_64	1.4.3.36-8.kb1.ky3_4
389-ds-base-help	x86_64	1.4.3.36-8.kb1.ky3_4
389-ds-base-legacy-tools	x86_64	1.4.3.36-8.kb1.ky3_4
389-ds-base-snmp	x86_64	1.4.3.36-8.kb1.ky3_4
389-ds-base	aarch64	1.4.3.36-8.kb1.ky3_4
389-ds-base-devel	aarch64	1.4.3.36-8.kb1.ky3_4
389-ds-base-help	aarch64	1.4.3.36-8.kb1.ky3_4
389-ds-base-legacy-tools	aarch64	1.4.3.36-8.kb1.ky3_4
389-ds-base-snmp	aarch64	1.4.3.36-8.kb1.ky3_4