A 389-ds:1.4 security update has been released for Oracle Linux 8.

El-errata: ELSA-2022-5823 Moderate: Oracle Linux 8 389-ds:1.4 security update

Oracle Linux Security Advisory ELSA-2022-5823

  http://linux.oracle.com/errata/ELSA-2022-5823.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-1.4.3.28-7.module+el8.6.0+20716+53f13155.x86_64.rpm
389-ds-base-devel-1.4.3.28-7.module+el8.6.0+20716+53f13155.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.28-7.module+el8.6.0+20716+53f13155.x86_64.rpm
389-ds-base-libs-1.4.3.28-7.module+el8.6.0+20716+53f13155.x86_64.rpm
389-ds-base-snmp-1.4.3.28-7.module+el8.6.0+20716+53f13155.x86_64.rpm
python3-lib389-1.4.3.28-7.module+el8.6.0+20716+53f13155.noarch.rpm

aarch64:
389-ds-base-1.4.3.28-7.module+el8.6.0+20716+53f13155.aarch64.rpm
389-ds-base-devel-1.4.3.28-7.module+el8.6.0+20716+53f13155.aarch64.rpm
389-ds-base-legacy-tools-1.4.3.28-7.module+el8.6.0+20716+53f13155.aarch64.rpm
389-ds-base-libs-1.4.3.28-7.module+el8.6.0+20716+53f13155.aarch64.rpm
389-ds-base-snmp-1.4.3.28-7.module+el8.6.0+20716+53f13155.aarch64.rpm
python3-lib389-1.4.3.28-7.module+el8.6.0+20716+53f13155.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/389-ds-base-1.4.3.28-7.module+el8.6.0+20716+53f13155.src.rpm

Related CVEs:

CVE-2022-0918
CVE-2022-0996



Description of changes:

[1.4.3.28-7]
- Bump version to 1.4.3.28-7
- Resolves: Bug 2081008 - CVE-2022-0996 389-ds:1.4/389-ds-base: expired password was still allowed to access the database
- Resolves: Bug 2081014 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS

_______________________________________________