安全公告详情

NS-SA-2019-0261

2019-12-31 11:29:40

简介

important: 389-ds-base/firefox security update

严重级别

important

主题

An update for 389-ds-base/firefox is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

389-ds-base: 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
firefox: This package provides debug information for package firefox. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
389-ds-base: A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.(CVE-2019-14824)
389-ds-base: bugfix
firefox: No description is available for this CVE.(CVE-2019-17010)
firefox: No description is available for this CVE.(CVE-2019-17011)
firefox: No description is available for this CVE.(CVE-2019-17012)
firefox: No description is available for this CVE.(CVE-2019-17008)
firefox: No description is available for this CVE.(CVE-2019-17005)
firefox: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F21.

影响组件

  • 389-ds-base
  • firefox

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["389-ds-base-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-libs-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-tests-1.3.9.1-12.el7_7.noarch.rpm"],"source":"389-ds-base-1.3.9.1-12.el7_7.src.rpm"},{"binary":["firefox-debuginfo-68.3.0-1.el7.centos.x86_64.rpm","firefox-68.3.0-1.el7.centos.x86_64.rpm"],"source":"firefox-68.3.0-1.el7.centos.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["389-ds-base-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-libs-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm","389-ds-base-tests-1.3.9.1-12.el7_7.noarch.rpm"],"source":"389-ds-base-1.3.9.1-12.el7_7.src.rpm"},{"binary":["firefox-68.3.0-1.el7.centos.x86_64.rpm","firefox-debuginfo-68.3.0-1.el7.centos.x86_64.rpm"],"source":"firefox-68.3.0-1.el7.centos.src.rpm"}]}]}

CVE

参考