CVE-2024-5953

Se encontró una vulnerabilidad de denegación de servicio en el servidor LDAP 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una denegación de servicio del servidor al intentar iniciar sesión con un usuario con un hash mal formado en su contraseña.

This update for 389-ds fixes the following issues. Persist extracted key path for ldap_ssl_client_init over repeat invocations Re-enable use of .dsrc basedn for dsidm commands RFE: Use previously extracted key path Update dsidm to prioritize basedn from .dsrc over interactive input UI: Instance fails to load when DB backup directory doesn't exist Improve online import robustness when the server is under load Ensure all slapi_log_err calls end format strings with newline character
RFE: when memberof is enabled, defer updates of members from the update of the group Provide more information in the error message during setup_ol_tls_conn Wrong set of entries returned for some search filters Schema lib389 object is not keeping custom schema data upon editing UI: Fix audit issue with npm - micromatch. Fixed long delay when setting replication agreement with dsconf.