Stay Connected:

ELSA-2015-2131

ELSA-2015-2131 - openldap security, bug fix, and enhancement update

Type:SECURITY
Impact:MODERATE
Release Date:2015-11-23

Description


[2.4.40-8]
- NSS does not support string ordering (#1231522)
- implement and correct order of parsing attributes (#1231522)
- add multi_mask and multi_strength to correctly handle sets of attributes (#1231522)
- add new cipher suites and correct AES-GCM attributes (#1245279)
- correct DEFAULT ciphers handling to exclude eNULL cipher suites (#1245279)

[2.4.40-7]
- Merge two MozNSS cipher suite definition patches into one. (#1245279)
- Use what NSS considers default for DEFAULT cipher string. (#1245279)
- Remove unnecesary defaults from ciphers' definitions (#1245279)

[2.4.40-6]
- fix: OpenLDAP shared library destructor triggers memory leaks in NSPR (#1249977)

[2.4.40-5]
- enhancement: support TLS 1.1 and later (#1231522,#1160467)
- fix: openldap ciphersuite parsing code handles masks incorrectly (#1231522)
- fix the patch in commit da1b5c (fix: OpenLDAP crash in NSS shutdown handling) (#1231228)

[2.4.40-4]
- fix: rpm -V complains (#1230263) -- make the previous fix do what was intended

[2.4.40-3]
- fix: rpm -V complains (#1230263)

[2.4.40-2]
- fix: missing frontend database indexing (#1226600)

[2.4.40-1]
- new upstream release (#1147982)
- fix: PIE and RELRO check (#1092562)
- fix: slaptest doesn't convert perlModuleConfig lines (#1184585)
- fix: OpenLDAP crash in NSS shutdown handling (#1158005)
- fix: slapd.service may fail to start if binding to NIC ip (#1198781)
- fix: deadlock during SSL_ForceHandshake when getting connection to replica (#1125152)
- improve check_password (#1174723, #1196243)
- provide an unversioned symlink to check_password.so.1.1 (#1174634)
- add findutils to requires (#1209229)


Related CVEs


CVE-2015-3276

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (x86_64) openldap-2.4.40-8.el7.src.rpmb62c7e88eb6f07c78e8ab69d3618dee142fedb9356b98b6a7dd8f23de3d86e30ELSA-2022-0621ol7_x86_64_latest_archive
openldap-2.4.40-8.el7.src.rpmb62c7e88eb6f07c78e8ab69d3618dee142fedb9356b98b6a7dd8f23de3d86e30ELSA-2022-0621ol7_x86_64_optional_archive
openldap-2.4.40-8.el7.src.rpmb62c7e88eb6f07c78e8ab69d3618dee142fedb9356b98b6a7dd8f23de3d86e30ELSA-2022-0621ol7_x86_64_u2_base
openldap-2.4.40-8.el7.i686.rpm4b8d8c9f1f33ee194d32b01a8860a56b09fbb4e4b9fc922d06d25a867551edcaELSA-2022-0621ol7_x86_64_latest_archive
openldap-2.4.40-8.el7.i686.rpm4b8d8c9f1f33ee194d32b01a8860a56b09fbb4e4b9fc922d06d25a867551edcaELSA-2022-0621ol7_x86_64_u2_base
openldap-2.4.40-8.el7.x86_64.rpm0629237e11d0b5ead7c1e5acd7816e3a4e76014645ca968cef718c59abb68451ELSA-2022-0621ol7_x86_64_latest_archive
openldap-2.4.40-8.el7.x86_64.rpm0629237e11d0b5ead7c1e5acd7816e3a4e76014645ca968cef718c59abb68451ELSA-2022-0621ol7_x86_64_u2_base
openldap-clients-2.4.40-8.el7.x86_64.rpm01abd11117011507d0e151b8fb794fe9f92448282e001a258680059d4824751eELSA-2022-0621ol7_x86_64_latest_archive
openldap-clients-2.4.40-8.el7.x86_64.rpm01abd11117011507d0e151b8fb794fe9f92448282e001a258680059d4824751eELSA-2022-0621ol7_x86_64_u2_base
openldap-devel-2.4.40-8.el7.i686.rpm4ddd05a8a98eb0aef123fb5ab14d7135422bac8bb05dc872c9ea29ee10c5c873ELSA-2022-0621ol7_x86_64_latest_archive
openldap-devel-2.4.40-8.el7.i686.rpm4ddd05a8a98eb0aef123fb5ab14d7135422bac8bb05dc872c9ea29ee10c5c873ELSA-2022-0621ol7_x86_64_u2_base
openldap-devel-2.4.40-8.el7.x86_64.rpm2100425d10fbf1149af14b85be6cd65ac283e954c2764ea44b3f5ad8b5d67723ELSA-2022-0621ol7_x86_64_latest_archive
openldap-devel-2.4.40-8.el7.x86_64.rpm2100425d10fbf1149af14b85be6cd65ac283e954c2764ea44b3f5ad8b5d67723ELSA-2022-0621ol7_x86_64_u2_base
openldap-servers-2.4.40-8.el7.x86_64.rpm6e6082989350ada467d56308232b97324bcad5e993d4e5b8cffba5dffe248a2cELSA-2022-0621ol7_x86_64_latest_archive
openldap-servers-2.4.40-8.el7.x86_64.rpm6e6082989350ada467d56308232b97324bcad5e993d4e5b8cffba5dffe248a2cELSA-2022-0621ol7_x86_64_u2_base
openldap-servers-sql-2.4.40-8.el7.x86_64.rpmd68f4b8065197e04416dcf6b49bc6ecbf8829b7ebdc5b31fe59c76a15d85030dELSA-2022-0621ol7_x86_64_optional_archive



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights