The 389 Directory Server is an LDAPv3 compliant server. The base packagesinclude the Lightweight Directory Access Protocol (LDAP) server andcommand-line utilities for server administration.An information disclosure flaw was found in the way the 389 DirectoryServer stored information in the Changelog that is exposed via the'cn=changelog' LDAP sub-tree. An unauthenticated user could in certaincases use this flaw to read data from the Changelog, which could includesensitive information such as plain-text passwords. (CVE-2014-8105)This issue was discovered by Petr Špaček of the Red Hat Identity ManagementEngineering Team.This update also fixes the following bugs:In addition, this update adds the following enhancement:All 389-ds-base users are advised to upgrade to these updated packages,which contain backported patches to correct these issues and add thisenhancement. After installing this update, the 389 server service will berestarted automatically.