Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

openSUSE 13.2: 2016:0226-1 Important: LDAP DoS & Encryption Issues

opensuse
Calendar Grey January 25, 2016
Dist Opensuse Esm H88
The latest patch addresses critical vulnerabilities found in openldap2 for openSUSE 13.2, significantly reinforcing security measures and boosting overall system functionality.
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes ...

Description

This update fixes the following security issues:

- CVE-2015-6908: The ber_get_next function allowed remote attackers to

cause a denial

of service (reachable assertion and application crash) via crafted BER

data, as demonstrated by an attack against slapd. (bsc#945582)

- CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766)

It also fixes the following non-security bugs:

- bsc#955210: Unresponsive LDAP host lookups in IPv6 environment

- bsc#904028: Add missing dependency binutils used by %pre.

Topics%20covered

Topics Covered

security advisory update encryption DoS patch LDAP openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-92=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

compat-libldap-2_3-0-2.3.37-8.9.1

compat-libldap-2_3-0-debuginfo-2.3.37-8.9.1

libldap-2_4-2-2.4.39-8.9.1

libldap-2_4-2-debuginfo-2.4.39-8.9.1

openldap2-2.4.39-8.9.1

openldap2-back-meta-2.4.39-8.9.1

openldap2-back-meta-debuginfo-2.4.39-8.9.1

openldap2-back-perl-2.4.39-8.9.1

openldap2-back-perl-debuginfo-2.4.39-8.9.1

openldap2-back-sql-2.4.39-8.9.1

openldap2-back-sql-debuginfo-2.4.39-8.9.1

openldap2-client-2.4.39-8.9.1

openldap2-client-debuginfo-2.4.39-8.9.1

openldap2-client-debugsource-2.4.39-8.9.1

openldap2-debuginfo-2.4.39-8.9.1

openldap2-debugsource-2.4.39-8.9.1

openldap2-devel-2.4.39-8.9.1

openldap2-devel-static-2.4.39-8.9.1

- openSUSE 13.2 (x86_64):

libldap-2_4-2-32bit-2.4.39-8.9.1

libldap-2_4-2-debuginfo-32bit-2.4.39-8.9.1

openldap2-devel-32bit-2.4.39-8.9.1

- openSUSE 13.2 (noarch):

openldap2-doc-2.4.39-8.9.1

References

https://www.suse.com/security/cve/CVE-2015-4000.html

https://www.suse.com/security/cve/CVE-2015-6908.html

https://bugzilla.suse.com/904028

https://bugzilla.suse.com/937766

https://bugzilla.suse.com/945582

https://bugzilla.suse.com/955210

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:0226-1
Rating: important
Affected Products: openSUSE 13.2

Topics%20covered

Topics Covered

security advisory update encryption DoS patch LDAP openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here