RHSA-2021:1243: Red Hat Security Advisory: redhat-ds:11 security and bug fix update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration. Security Fix(es):

• 389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518) (BZ#1905565) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
• The UI become unresponsive when an error occured (BZ#1751082)
• The python-lib389 class Accounts displayed an error during delete operations (BZ#1859215)
• The server version number has been added to the UI (BZ#1859288)
• Searches by an unauthorized client can no longer determine if an entry exists or not by the result code (BZ#1925537)
• Changes made on the Server Tuning page in the web console are now correctly reflected (BZ#1927051)
• Adding new schema using dsconf no longer displayes a “values has to be a tuple” error (BZ#1937036) Users of Red Hat Directory Server 11 are advised to install these updated packages. Related CVEs:
• CVE-2020-35518: 389-ds-base: information disclosure during the binding of a DN