Fedora 25: openldap Security Update 2017-ceb1b8659e
Summary
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. The openldap package contains configuration files,
libraries, and documentation for OpenLDAP.
Update Information:
This update should make OpenLDAP up to date with latest NSS, notably: - fix olcTLSProtocolMin handling - fix TLS_CIPHER_SUITE parsing - update a list of ciphers to fit latest NSS development - make use of NSS global settings for `DEFAULTS' TLS_CIPHER_SUITE keyword Additionaly, slapd should start correctly after network is online, now.
Change Log
References
[ 1 ] Bug #1375432 - Setting olcTLSProtocolMin does not change supported protocols https://bugzilla.redhat.com/show_bug.cgi?id=1375432 [ 2 ] Bug #1243517 - CVE-2015-3276 openldap: incorrect multi-keyword mode cipherstring parsing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1243517 [ 3 ] Bug #1387868 - openldap server doesn't support any strong cipher suites https://bugzilla.redhat.com/show_bug.cgi?id=1387868 [ 4 ] Bug #1336487 - slapd should start after network-online.service https://bugzilla.redhat.com/show_bug.cgi?id=1336487
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade openldap' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html