Amazon Linux 2 Security Advisory: ALAS-2025-2798
Advisory Release Date: 2025-03-13 01:30 Pacific
Advisory Updated Date: 2025-03-25 16:12 Pacific
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. (CVE-2024-2199)
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service. (CVE-2024-3657)
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. (CVE-2024-5953)
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input. (CVE-2024-8445)
Affected Packages:
389-ds-base
Note:
This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run `yum update 389-ds-base` to update your system.
aarch64:
389-ds-base-1.3.10.2-17.amzn2.0.2.aarch64
389-ds-base-libs-1.3.10.2-17.amzn2.0.2.aarch64
389-ds-base-devel-1.3.10.2-17.amzn2.0.2.aarch64
389-ds-base-snmp-1.3.10.2-17.amzn2.0.2.aarch64
389-ds-base-debuginfo-1.3.10.2-17.amzn2.0.2.aarch64
i686:
389-ds-base-1.3.10.2-17.amzn2.0.2.i686
389-ds-base-libs-1.3.10.2-17.amzn2.0.2.i686
389-ds-base-devel-1.3.10.2-17.amzn2.0.2.i686
389-ds-base-snmp-1.3.10.2-17.amzn2.0.2.i686
389-ds-base-debuginfo-1.3.10.2-17.amzn2.0.2.i686
src:
389-ds-base-1.3.10.2-17.amzn2.0.2.src
x86_64:
389-ds-base-1.3.10.2-17.amzn2.0.2.x86_64
389-ds-base-libs-1.3.10.2-17.amzn2.0.2.x86_64
389-ds-base-devel-1.3.10.2-17.amzn2.0.2.x86_64
389-ds-base-snmp-1.3.10.2-17.amzn2.0.2.x86_64
389-ds-base-debuginfo-1.3.10.2-17.amzn2.0.2.x86_64
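To confirm that a host is on the fixed build after updating, the check below compares installed 389-ds-base packages against the version-release listed above. It is an added example, not part of the Amazon Linux advisory; the function names are hypothetical, and it assumes `sort -V` is an adequate stand-in for rpm's version comparison on these version strings (no epoch handling).

```shell
#!/bin/sh
# Added example: audit 389-ds-base packages against the ALAS-2025-2798 fixed build.
# FIXED_VR is taken from the advisory's package list; function names are hypothetical.
FIXED_VR="1.3.10.2-17.amzn2.0.2"

# vr_at_least INSTALLED FIXED -> exit status 0 when INSTALLED >= FIXED.
# Assumption: `sort -V` approximates rpm's comparison well enough for the
# dotted-numeric amzn2 strings; it is not a full rpmvercmp implementation.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit_389ds reads "name version-release" lines on stdin, the format produced by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' '389-ds-base*'
# and prints every 389-ds-base package that is still below the fixed build.
# Exit status is 1 when at least one such package is found.
audit_389ds() {
    rc=0
    while read -r name vr; do
        case "$name" in
            389-ds-base|389-ds-base-*) ;;   # main package and its subpackages
            *) continue ;;                  # ignore unrelated packages
        esac
        if ! vr_at_least "$vr" "$FIXED_VR"; then
            printf '%s %s (needs >= %s)\n' "$name" "$vr" "$FIXED_VR"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not from a real host). On a real system, pipe the
# rpm query shown above into audit_389ds instead.
printf '%s\n' \
    "389-ds-base 1.3.10.2-17.amzn2.0.2" \
    "389-ds-base-libs 1.3.9.1-13.amzn2" \
    "389-ds-base-snmp 1.3.10.2-16.amzn2.0.1" \
    | audit_389ds || echo "update required: yum update 389-ds-base"
```

A mixed result like the sample (main package fixed, subpackages not) indicates a partial update; all installed subpackages should report the same fixed version-release.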