HCE2-SA-2024-0263 Important HCE 2.0 Security Fix(es): A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service (CVE-2024-3657) A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. (CVE-2024-2199) An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. (CVE-2022-1949) A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. (CVE-2024-5953) HCE 2.0 389-ds-base-1.4.3.36-5.r2.hce2.aarch64.rpm 389-ds-base-devel-1.4.3.36-5.r2.hce2.aarch64.rpm 389-ds-base-help-1.4.3.36-5.r2.hce2.aarch64.rpm 389-ds-base-legacy-tools-1.4.3.36-5.r2.hce2.aarch64.rpm 389-ds-base-snmp-1.4.3.36-5.r2.hce2.aarch64.rpm python3-lib389-1.4.3.36-5.r2.hce2.noarch.rpm 389-ds-base-1.4.3.36-5.r2.hce2.x86_64.rpm 389-ds-base-devel-1.4.3.36-5.r2.hce2.x86_64.rpm 389-ds-base-help-1.4.3.36-5.r2.hce2.x86_64.rpm 389-ds-base-legacy-tools-1.4.3.36-5.r2.hce2.x86_64.rpm 389-ds-base-snmp-1.4.3.36-5.r2.hce2.x86_64.rpm