Jump to:

CVE-2015-3276

Jump to:

CVE-2015-3276

Package openldap updated to version 2.4.42-alt0.M70C.2 for branch c7 in task 161759.

Published: 2015-12-07
Modified: 2024-11-21

CVE-2015-3276

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

RHSA-2015:2131
RHSA-2015:2131
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
1034221
1034221
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
https://bugzilla.redhat.com/show_bug.cgi?id=1238322

Version: 2.1.0

Package openldap update in c7 on 2016-03-22

ALT-PU-2016-1273-1

Closed vulnerabilities

CVE-2015-3276