OVMSA-2015-0123

OVMSA-2015-0123 - openldap security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2015-09-29

Description


[2.4.40-6]
- CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263171)

[2.4.40-5]
- fix: nslcd segfaults due to incorrect mutex initialization (#1144294)

[2.4.40-4]
- fix: Updating openldap deletes database if slapd.conf is used (#1193519)

[2.4.40-3]
- fix: ppc64: slaptest segfault in openldap-2.4.40 (#1202696)

[2.4.40-2]
- fix: bring back accidentaly removed patch (#1147983)

[2.4.40-1]
- rebase to 2.4.40 (#1147983)

[2.4.39-11]
- fix: make /etc/openldap/check_password.conf readable by ldap (#1155390)

[2.4.39-10]
- revert previous patch (#1172296)
- fix: crash in ldap_domain2hostlist when processing SRV record (#1164369)
- support TLS 1.1 and later (#1160467)
- enhancement: add ppolicy-check-password (#1155390)

[2.4.39-9]
- fix: prevent freed memory reuse (#1172296)

[2.4.39-8]
- fix: provide a shim libldif.so (#1110382)

[2.4.39-7]
- fix: remove correct tmp file when generating server cert (#1102083)

[2.4.39-6]
- remove unapplied patches

[2.4.39-5]
- fix: TLS_REQCERT documentation in client manpage (#1027796)

[2.4.39-4]
- review %configure and remove nonexistent options

[2.4.39-3]
- add another missing patch forgotten during the rebase
- fix: enable dynamic linking - unresolved symbols in the smbk5pwd module

[2.4.39-2]
- add missing patches that were removed by mistake during the rebase

[2.4.39-1]
- rebase to 2.4.39 (#923680)
+ drop a lot of upstreamed patches, backport the rest
+ compile in mdb
+ remove automatic slapd.conf -> slapd-config conversion

[2.4.23-35]
- fix: segfault on certain queries with rwm overlay (#1003038)

[2.4.23-34]
- fix: deadlock during SSL_ForceHandshake (#996373)
+ revert nss-handshake-threadsafe.patch


Related CVEs


CVE-2015-6908

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle VM 3.3 (x86_64) openldap-2.4.40-6.el6_7.src.rpm3d0eae28a5c560c13d06e4809c31c9a324a56f59c9fb199f579270ad9136fc6eOVMBA-2018-0141ovm3_x86_64_3.3_patch
openldap-2.4.40-6.el6_7.x86_64.rpma45a90ac7faa259e53f6a4ca78134ec37e822a98936d35f1cc49290bdbd6902eOVMBA-2018-0141ovm3_x86_64_3.3_patch
openldap-clients-2.4.40-6.el6_7.x86_64.rpm9804feccba14a1db7d5e3950e22e2e0bea6d5abc6f676adfad2b7ecfaa44472dOVMBA-2018-0141ovm3_x86_64_3.3_patch
Oracle VM 3.4 (x86_64) openldap-2.4.40-6.el6_7.src.rpm3d0eae28a5c560c13d06e4809c31c9a324a56f59c9fb199f579270ad9136fc6eOVMBA-2018-0141ovm34_x86_64_latest
openldap-2.4.40-6.el6_7.x86_64.rpma45a90ac7faa259e53f6a4ca78134ec37e822a98936d35f1cc49290bdbd6902eOVMBA-2018-0141ovm34_x86_64_latest
openldap-clients-2.4.40-6.el6_7.x86_64.rpm9804feccba14a1db7d5e3950e22e2e0bea6d5abc6f676adfad2b7ecfaa44472dOVMBA-2018-0141ovm34_x86_64_latest



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete