[Oraclevm-errata] OVMSA-2015-0123 Important: Oracle VM 3.3 openldap security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Sep 30 09:00:24 PDT 2015
Oracle VM Security Advisory OVMSA-2015-0123
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
openldap-2.4.40-6.el6_7.x86_64.rpm
openldap-clients-2.4.40-6.el6_7.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/openldap-2.4.40-6.el6_7.src.rpm
Description of changes:
[2.4.40-6]
- CVE-2015-6908 openldap: ber_get_next denial of service vulnerability
(#1263171)
[2.4.40-5]
- fix: nslcd segfaults due to incorrect mutex initialization (#1144294)
[2.4.40-4]
- fix: Updating openldap deletes database if slapd.conf is used (#1193519)
[2.4.40-3]
- fix: ppc64: slaptest segfault in openldap-2.4.40 (#1202696)
[2.4.40-2]
- fix: bring back accidentaly removed patch (#1147983)
[2.4.40-1]
- rebase to 2.4.40 (#1147983)
[2.4.39-11]
- fix: make /etc/openldap/check_password.conf readable by ldap (#1155390)
[2.4.39-10]
- revert previous patch (#1172296)
- fix: crash in ldap_domain2hostlist when processing SRV record (#1164369)
- support TLS 1.1 and later (#1160467)
- enhancement: add ppolicy-check-password (#1155390)
[2.4.39-9]
- fix: prevent freed memory reuse (#1172296)
[2.4.39-8]
- fix: provide a shim libldif.so (#1110382)
[2.4.39-7]
- fix: remove correct tmp file when generating server cert (#1102083)
[2.4.39-6]
- remove unapplied patches
[2.4.39-5]
- fix: TLS_REQCERT documentation in client manpage (#1027796)
[2.4.39-4]
- review %configure and remove nonexistent options
[2.4.39-3]
- add another missing patch forgotten during the rebase
- fix: enable dynamic linking - unresolved symbols in the smbk5pwd module
[2.4.39-2]
- add missing patches that were removed by mistake during the rebase
[2.4.39-1]
- rebase to 2.4.39 (#923680)
+ drop a lot of upstreamed patches, backport the rest
+ compile in mdb
+ remove automatic slapd.conf -> slapd-config conversion
[2.4.23-35]
- fix: segfault on certain queries with rwm overlay (#1003038)
[2.4.23-34]
- fix: deadlock during SSL_ForceHandshake (#996373)
+ revert nss-handshake-threadsafe.patch
More information about the Oraclevm-errata
mailing list