ALT-PU-2015-2188-1
Package openldap2.4 updated to version 2.4.42-alt0.M60C.1 for branch c6 in task 153459.
Closed vulnerabilities
BDU:2015-09683
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2023-02-13
CVE-2012-2668
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
- [oss-security] 20120605 Re: CVE request: openldap does not honor TLSCipherSuite configuration option
- 1027127
- 53823
- [oss-security] 20120606 Re: CVE request: openldap does not honor TLSCipherSuite configuration option
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309
- https://bugzilla.redhat.com/show_bug.cgi?id=825875
- [oss-security] 20120605 CVE request: openldap does not honor TLSCipherSuite configuration option
- http://www.openldap.org/its/index.cgi?findid=7285
- RHSA-2012:1151
- GLSA-201406-36
- openldap-nss-weak-security(76099)
- https://support.apple.com/kb/HT210788
- 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e
Modified: 2024-11-21
CVE-2015-6908
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
- APPLE-SA-2015-12-08-3
- SUSE-SU-2016:0224
- openSUSE-SU-2016:0226
- openSUSE-SU-2016:0255
- openSUSE-SU-2016:0261
- SUSE-SU-2016:0262
- RHSA-2015:1840
- DSA-3356
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
- 76714
- 1033534
- USN-2742-1
- https://support.apple.com/HT205637
- APPLE-SA-2015-12-08-3
- https://support.apple.com/HT205637
- USN-2742-1
- 1033534
- 76714
- http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
- DSA-3356
- RHSA-2015:1840
- SUSE-SU-2016:0262
- openSUSE-SU-2016:0261
- openSUSE-SU-2016:0255
- openSUSE-SU-2016:0226
- SUSE-SU-2016:0224
Closed bugs
лишние файлы в libldap
Надо обновить или пересобрать.