Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2131)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122741

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2015-2131)

Zusammenfassung: The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory.

Vulnerability Insight:
[2.4.40-8]
- NSS does not support string ordering (#1231522)
- implement and correct order of parsing attributes (#1231522)
- add multi_mask and multi_strength to correctly handle sets of attributes (#1231522)
- add new cipher suites and correct AES-GCM attributes (#1245279)
- correct DEFAULT ciphers handling to exclude eNULL cipher suites (#1245279)

[2.4.40-7]
- Merge two MozNSS cipher suite definition patches into one. (#1245279)
- Use what NSS considers default for DEFAULT cipher string. (#1245279)
- Remove unnecessary defaults from ciphers' definitions (#1245279)

[2.4.40-6]
- fix: OpenLDAP shared library destructor triggers memory leaks in NSPR (#1249977)

[2.4.40-5]
- enhancement: support TLS 1.1 and later (#1231522,#1160467)
- fix: openldap ciphersuite parsing code handles masks incorrectly (#1231522)
- fix the patch in commit da1b5c (fix: OpenLDAP crash in NSS shutdown handling) (#1231228)

[2.4.40-4]
- fix: rpm -V complains (#1230263) -- make the previous fix do what was intended

[2.4.40-3]
- fix: rpm -V complains (#1230263)

[2.4.40-2]
- fix: missing frontend database indexing (#1226600)

[2.4.40-1]
- new upstream release (#1147982)
- fix: PIE and RELRO check (#1092562)
- fix: slaptest doesn't convert perlModuleConfig lines (#1184585)
- fix: OpenLDAP crash in NSS shutdown handling (#1158005)
- fix: slapd.service may fail to start if binding to NIC ip (#1198781)
- fix: deadlock during SSL_ForceHandshake when getting connection to replica (#1125152)
- improve check_password (#1174723, #1196243)
- provide an unversioned symlink to check_password.so.1.1 (#1174634)
- add findutils to requires (#1209229)

Affected Software/OS:
'openldap' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-3276
1034221
http://www.securitytracker.com/id/1034221
RHSA-2015:2131
http://rhn.redhat.com/errata/RHSA-2015-2131.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1238322

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122741
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-2131)
Zusammenfassung:	The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory. Vulnerability Insight: [2.4.40-8] - NSS does not support string ordering (#1231522) - implement and correct order of parsing attributes (#1231522) - add multi_mask and multi_strength to correctly handle sets of attributes (#1231522) - add new cipher suites and correct AES-GCM attributes (#1245279) - correct DEFAULT ciphers handling to exclude eNULL cipher suites (#1245279) [2.4.40-7] - Merge two MozNSS cipher suite definition patches into one. (#1245279) - Use what NSS considers default for DEFAULT cipher string. (#1245279) - Remove unnecessary defaults from ciphers' definitions (#1245279) [2.4.40-6] - fix: OpenLDAP shared library destructor triggers memory leaks in NSPR (#1249977) [2.4.40-5] - enhancement: support TLS 1.1 and later (#1231522,#1160467) - fix: openldap ciphersuite parsing code handles masks incorrectly (#1231522) - fix the patch in commit da1b5c (fix: OpenLDAP crash in NSS shutdown handling) (#1231228) [2.4.40-4] - fix: rpm -V complains (#1230263) -- make the previous fix do what was intended [2.4.40-3] - fix: rpm -V complains (#1230263) [2.4.40-2] - fix: missing frontend database indexing (#1226600) [2.4.40-1] - new upstream release (#1147982) - fix: PIE and RELRO check (#1092562) - fix: slaptest doesn't convert perlModuleConfig lines (#1184585) - fix: OpenLDAP crash in NSS shutdown handling (#1158005) - fix: slapd.service may fail to start if binding to NIC ip (#1198781) - fix: deadlock during SSL_ForceHandshake when getting connection to replica (#1125152) - improve check_password (#1174723, #1196243) - provide an unversioned symlink to check_password.so.1.1 (#1174634) - add findutils to requires (#1209229) Affected Software/OS: 'openldap' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3276 1034221 http://www.securitytracker.com/id/1034221 RHSA-2015:2131 http://rhn.redhat.com/errata/RHSA-2015-2131.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1238322
Copyright	Copyright (C) 2015 Greenbone AG