Amazon Linux 2 Security Advisory: ALAS-2020-1381
Advisory Release Date: 2020-01-14 19:55 Pacific
Advisory Updated Date: 2020-01-17 16:13 Pacific
Severity:
Important
Issue Overview:
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. (CVE-2019-14824)
Affected Packages:
389-ds-base
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update 389-ds-base to update your system.
New Packages:
aarch64:
389-ds-base-1.3.9.1-12.amzn2.0.1.aarch64
389-ds-base-libs-1.3.9.1-12.amzn2.0.1.aarch64
389-ds-base-devel-1.3.9.1-12.amzn2.0.1.aarch64
389-ds-base-snmp-1.3.9.1-12.amzn2.0.1.aarch64
389-ds-base-debuginfo-1.3.9.1-12.amzn2.0.1.aarch64
i686:
389-ds-base-1.3.9.1-12.amzn2.0.1.i686
389-ds-base-libs-1.3.9.1-12.amzn2.0.1.i686
389-ds-base-devel-1.3.9.1-12.amzn2.0.1.i686
389-ds-base-snmp-1.3.9.1-12.amzn2.0.1.i686
389-ds-base-debuginfo-1.3.9.1-12.amzn2.0.1.i686
src:
389-ds-base-1.3.9.1-12.amzn2.0.1.src
x86_64:
389-ds-base-1.3.9.1-12.amzn2.0.1.x86_64
389-ds-base-libs-1.3.9.1-12.amzn2.0.1.x86_64
389-ds-base-devel-1.3.9.1-12.amzn2.0.1.x86_64
389-ds-base-snmp-1.3.9.1-12.amzn2.0.1.x86_64
389-ds-base-debuginfo-1.3.9.1-12.amzn2.0.1.x86_64