Bug 28147

Summary: 389-ds-base new security issue CVE-2019-10224
Product: Mageia
Reporter: Zombie Ryushu <zombie_ryushu>
Component: Security
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED DUPLICATE
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: mageia
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-10224
Whiteboard:
Source RPM: 389-ds-base-1.4.0.26-8.mga8.src.rpm
CVE: CVE-2019-10224
Status comment: Patch available from upstream

Description Zombie Ryushu 2021-01-17 13:51:15 CET
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
Zombie Ryushu 2021-01-17 13:51:59 CET

CVE: (none) => CVE-2019-10224
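
The leak class described above, as an added example that is not part of the original report and is not the 389-ds-base code or its upstream fix: verbose (DEBUG) logging of a settings dictionary, with and without a redacting `logging.Filter`. The field names, logger names and sample values are constructed for illustration.

```python
import io
import logging

# Key fragments treated as sensitive (an assumption made for this example).
SENSITIVE = ("password", "passwd", "secret", "token")
MASK = "********"

def redact(value):
    """Return a copy of value with sensitive dict entries masked, recursively."""
    if isinstance(value, dict):
        return {k: MASK if any(s in str(k).lower() for s in SENSITIVE) else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, tuple):
        return tuple(redact(v) for v in value)
    return value

class RedactFilter(logging.Filter):
    """Mask sensitive fields in log arguments before any handler formats them."""
    def filter(self, record):
        # logging stores a lone dict argument directly in record.args
        if isinstance(record.args, dict):
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True

def verbose_output(settings, hardened):
    """Log settings at DEBUG to an in-memory stream (stand-in for stderr)."""
    stream = io.StringIO()
    log = logging.Logger("example.setup", level=logging.DEBUG)  # hypothetical name
    log.addHandler(logging.StreamHandler(stream))
    if hardened:
        log.addFilter(RedactFilter())
    log.debug("instance settings: %s", settings)
    return stream.getvalue()

# Constructed sample input, not taken from a real installation.
SAMPLE = {"instance_name": "localhost", "root_dn": "cn=Directory Manager",
          "root_password": "Constructed-Example-1"}

if __name__ == "__main__":
    print("verbose :", verbose_output(SAMPLE, hardened=False), end="")
    print("hardened:", verbose_output(SAMPLE, hardened=True), end="")
```

The filter copies the arguments instead of editing them in place, so the caller's settings dictionary still holds the real value for the actual setup step.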

Comment 1 David Walser 2021-01-17 17:51:15 CET
Red Hat issued an advisory for this on November 5, 2019:
https://access.redhat.com/errata/RHSA-2019:3401

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10224
https://bugzilla.redhat.com/show_bug.cgi?id=1677147

Summary: [Update Request] 389-ds-base CVE-2019-10224 => 389-ds-base new security issue CVE-2019-10224
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Patch available from upstream

Comment 2 Nicolas Lécureuil 2021-01-17 19:46:19 CET
commit: https://github.com/389ds/389-ds-base/commit/632ecb90d96ac0535656f5aaf67fd2be4b81d310

is already on our cauldron

CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

Comment 3 Lewis Smith 2021-01-17 21:57:17 CET
Thanks for speedy action on M8.
In the light of no regular committer for this, assigning it globally for M7.

Assignee: bugsquad => pkg-bugs

Comment 4 David Walser 2021-01-18 00:51:25 CET
Fixed in our previous update.

*** This bug has been marked as a duplicate of bug 25824 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE