摘要:
three-eight-nine-ds-base security update
安全等级: Medium
公告ID: KylinSec-SA-2025-1609
发布日期: 2025年3月18日
关联CVE: CVE-2025-24898
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.
Security Fix(es):
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate`openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback.(CVE-2025-24898)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-24898 | V6 | three-eight-nine-ds-base | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| cockpit-389-ds | noarch | 3.1.1-5.ks6 |
| python3-lib389 | noarch | 3.1.1-5.ks6 |
| 389-ds-base | x86_64 | 3.1.1-5.ks6 |
| 389-ds-base-devel | x86_64 | 3.1.1-5.ks6 |
| 389-ds-base-help | x86_64 | 3.1.1-5.ks6 |
| 389-ds-base-snmp | x86_64 | 3.1.1-5.ks6 |
| 389-ds-base | aarch64 | 3.1.1-5.ks6 |
| 389-ds-base-devel | aarch64 | 3.1.1-5.ks6 |
| 389-ds-base-help | aarch64 | 3.1.1-5.ks6 |
| 389-ds-base-snmp | aarch64 | 3.1.1-5.ks6 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
