(RHSA-2024:1372) Moderate: redhat-ds:11 security, bug fix, and enhancement update

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.

Security Fix(es):

• 389-ds-base: A heap overflow flaw that leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. (CVE-2024-1062)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

• Adequate etime and no error “Retry count exceeded” on bind, add, delete, and modify operations from revert_cache (BZ#2268136)

• RHDS LDAP server segmentation works as expected (BZ#2268138)

• Slow search when using filter with a virtual attribute (eg: nsRole ). (BZ#2265536)

• RHDS healthcheck incorrectly complains about missing backend definitions. (BZ#2265537)

• Paged search impacts performance (BZ#2265544)

• dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large environments (BZ#2265538)

• dsconf should prevent setting the replicaID for hub and consumer roles. (BZ#2265543)

• bdb_start - Detected Disorderly Shutdown directory server is not starting (BZ#2265540)

• After an upgrade the LDAP server wont start if nsslapd-conntablesize is present in the dse.ldif file (BZ#2265539)

• [RFE] Required to support both at a same time account inactivity and expiration. (BZ#2265541)