Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2131)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122741

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2015-2131)

Resumen: The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory.

Vulnerability Insight:
[2.4.40-8]
- NSS does not support string ordering (#1231522)
- implement and correct order of parsing attributes (#1231522)
- add multi_mask and multi_strength to correctly handle sets of attributes (#1231522)
- add new cipher suites and correct AES-GCM attributes (#1245279)
- correct DEFAULT ciphers handling to exclude eNULL cipher suites (#1245279)

[2.4.40-7]
- Merge two MozNSS cipher suite definition patches into one. (#1245279)
- Use what NSS considers default for DEFAULT cipher string. (#1245279)
- Remove unnecessary defaults from ciphers' definitions (#1245279)

[2.4.40-6]
- fix: OpenLDAP shared library destructor triggers memory leaks in NSPR (#1249977)

[2.4.40-5]
- enhancement: support TLS 1.1 and later (#1231522,#1160467)
- fix: openldap ciphersuite parsing code handles masks incorrectly (#1231522)
- fix the patch in commit da1b5c (fix: OpenLDAP crash in NSS shutdown handling) (#1231228)

[2.4.40-4]
- fix: rpm -V complains (#1230263) -- make the previous fix do what was intended

[2.4.40-3]
- fix: rpm -V complains (#1230263)

[2.4.40-2]
- fix: missing frontend database indexing (#1226600)

[2.4.40-1]
- new upstream release (#1147982)
- fix: PIE and RELRO check (#1092562)
- fix: slaptest doesn't convert perlModuleConfig lines (#1184585)
- fix: OpenLDAP crash in NSS shutdown handling (#1158005)
- fix: slapd.service may fail to start if binding to NIC ip (#1198781)
- fix: deadlock during SSL_ForceHandshake when getting connection to replica (#1125152)
- improve check_password (#1174723, #1196243)
- provide an unversioned symlink to check_password.so.1.1 (#1174634)
- add findutils to requires (#1209229)

Affected Software/OS:
'openldap' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3276
1034221
http://www.securitytracker.com/id/1034221
RHSA-2015:2131
http://rhn.redhat.com/errata/RHSA-2015-2131.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1238322

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122741
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-2131)
Resumen:	The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openldap' package(s) announced via the ELSA-2015-2131 advisory. Vulnerability Insight: [2.4.40-8] - NSS does not support string ordering (#1231522) - implement and correct order of parsing attributes (#1231522) - add multi_mask and multi_strength to correctly handle sets of attributes (#1231522) - add new cipher suites and correct AES-GCM attributes (#1245279) - correct DEFAULT ciphers handling to exclude eNULL cipher suites (#1245279) [2.4.40-7] - Merge two MozNSS cipher suite definition patches into one. (#1245279) - Use what NSS considers default for DEFAULT cipher string. (#1245279) - Remove unnecessary defaults from ciphers' definitions (#1245279) [2.4.40-6] - fix: OpenLDAP shared library destructor triggers memory leaks in NSPR (#1249977) [2.4.40-5] - enhancement: support TLS 1.1 and later (#1231522,#1160467) - fix: openldap ciphersuite parsing code handles masks incorrectly (#1231522) - fix the patch in commit da1b5c (fix: OpenLDAP crash in NSS shutdown handling) (#1231228) [2.4.40-4] - fix: rpm -V complains (#1230263) -- make the previous fix do what was intended [2.4.40-3] - fix: rpm -V complains (#1230263) [2.4.40-2] - fix: missing frontend database indexing (#1226600) [2.4.40-1] - new upstream release (#1147982) - fix: PIE and RELRO check (#1092562) - fix: slaptest doesn't convert perlModuleConfig lines (#1184585) - fix: OpenLDAP crash in NSS shutdown handling (#1158005) - fix: slapd.service may fail to start if binding to NIC ip (#1198781) - fix: deadlock during SSL_ForceHandshake when getting connection to replica (#1125152) - improve check_password (#1174723, #1196243) - provide an unversioned symlink to check_password.so.1.1 (#1174634) - add findutils to requires (#1209229) Affected Software/OS: 'openldap' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3276 1034221 http://www.securitytracker.com/id/1034221 RHSA-2015:2131 http://rhn.redhat.com/errata/RHSA-2015-2131.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1238322
Copyright	Copyright (C) 2015 Greenbone AG