A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
CVE: (none) => CVE-2019-10224
Red Hat issued an advisory for this on November 5, 2019:
https://access.redhat.com/errata/RHSA-2019:3401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10224
https://bugzilla.redhat.com/show_bug.cgi?id=1677147
Summary: [Update Request] 389-ds-base CVE-2019-10224 => 389-ds-base new security issue CVE-2019-10224
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Patch available from upstream
commit: https://github.com/389ds/389-ds-base/commit/632ecb90d96ac0535656f5aaf67fd2be4b81d310 is already on our cauldron
CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Thanks for speedy action on M8. In the light of no regular committer for this, assigning it globally for M7.
Assignee: bugsquad => pkg-bugs
Fixed in our previous update. *** This bug has been marked as a duplicate of bug 25824 ***
Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE