Bug 1931182

Summary: CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN [rhel-7]
Product: Red Hat Enterprise Linux 7 Reporter: sgouvern
Component: 389-ds-base Assignee: thierry bordaz <tbordaz>
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.9 CC: abokovoy, cbuissar, ds-qe-bugs, jreznik, ldap-maint, mreynolds, sgouvern, tbordaz, tkubota, tscherf
Target Milestone: rc Keywords: Security, SecurityTracking, TestCaseProvided, Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-base-1.3.10.2-12.el7_9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1904991 Environment:
Last Closed: 2021-06-08 22:35:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1904991    
Bug Blocks: 1905565, 1923217, 1930272, 1959349    
Deadline: 2021-12-07   

Comment 3 thierry bordaz 2021-05-06 09:30:35 UTC
*** Bug 1918135 has been marked as a duplicate of this bug. ***

Comment 6 thierry bordaz 2021-05-10 11:48:58 UTC
Fix pushed upstream https://github.com/389ds/389-ds-base/issues/4609#issuecomment-776751282 => POST

Comment 15 errata-xmlrpc 2021-06-08 22:35:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: 389-ds-base security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2323