Synopsis: Low: 389-ds-base security and bug fix update Advisory ID: SLSA-2021:3807-1 Issue Date: 2021-10-12 CVE Numbers: CVE-2021-3652 -- Security Fix(es): * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further reindex * In some rare case, a replication connection may be treated as a regular connection and ACIs evaluated even if they should not. * A regular connection can be erroneously flagged replication connection --- SL7 x86_64 389-ds-base-1.3.10.2-13.el7_9.x86_64.rpm 389-ds-base-debuginfo-1.3.10.2-13.el7_9.x86_64.rpm 389-ds-base-devel-1.3.10.2-13.el7_9.x86_64.rpm 389-ds-base-libs-1.3.10.2-13.el7_9.x86_64.rpm 389-ds-base-snmp-1.3.10.2-13.el7_9.x86_64.rpm -- - Scientific Linux Development Team