OpenLDAP is an open-source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap packages contain configuration files, libraries,
and documentation for OpenLDAP.

A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings.
As a result, OpenLDAP could potentially use ciphers that were not intended
to be enabled. (CVE-2015-3276)

This issue was discovered by Martin Poole of the Red Hat Software
Maintenance Engineering group.
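
An added example, not part of the advisory or of OpenLDAP's code: a Python audit helper that expands a cipher string with the local OpenSSL library, as the reference for what the string is meant to enable, and reports any suite a server was observed to accept outside that set. The configured string and the observed list are constructed; in practice the observed names would come from a TLS scan of the LDAPS listener.

```python
import ssl

# Constructed sample: suite names a scan of the LDAPS port reported as accepted.
OBSERVED = ["ECDHE-RSA-AES256-GCM-SHA384", "RC4-MD5", "NULL-SHA"]


def expand_cipher_string(cipher_string):
    """Return the suite names OpenSSL itself enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are not governed by this string, so leave them out.
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def unintended_ciphers(cipher_string, observed):
    """Suites the server accepted that the configured string does not allow."""
    return sorted(set(observed) - expand_cipher_string(cipher_string))


if __name__ == "__main__":
    configured = "HIGH:!aNULL:!MD5"  # assumed TLSCipherSuite value
    for name in unintended_ciphers(configured, OBSERVED):
        print("accepted but not intended:", name)
```
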

The openldap packages have been upgraded to upstream version 2.4.40, which
provides a number of bug fixes and one enhancement over the previous
version:
(BZ#1147982)

This update also fixes the following bugs:

Previously, OpenLDAP did not properly handle a number of simultaneous
updates. As a consequence, sending a number of parallel update requests to
the server could cause a deadlock. With this update, a superfluous locking
mechanism causing the deadlock has been removed, thus fixing the bug.
(BZ#1125152)

The httpd service sometimes terminated unexpectedly with a segmentation
fault on the libldap library unload. The underlying source code has been
modified to prevent a bad memory access error that caused the bug to occur.
As a result, httpd no longer crashes in this situation. (BZ#1158005)

After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat
Enterprise Linux 7, symbolic links to certain libraries unexpectedly
pointed to locations belonging to the openldap-devel package. If the user
uninstalled openldap-devel, the symbolic links were broken and the “rpm -V
openldap” command sometimes produced errors. With this update, the symbolic
links no longer get broken in the described situation. If the user
downgrades openldap to version 2.4.39-6 or earlier, the symbolic links
might break. After such a downgrade, it is recommended to verify that the
symbolic links did not break. To do this, make sure the yum-plugin-verify
package is installed and obtain the target libraries by running the “rpm -V
openldap” or “yum verify openldap” command. (BZ#1230263)

In addition, this update adds the following enhancement:

All openldap users are advised to upgrade to these updated packages, which
correct these issues and add this enhancement.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | s390x | openldap-servers | < 2.4.40-8.el7 | openldap-servers-2.4.40-8.el7.s390x.rpm |
RedHat | 7 | src | openldap | < 2.4.40-8.el7 | openldap-2.4.40-8.el7.src.rpm |
RedHat | 7 | ppc | openldap-debuginfo | < 2.4.40-8.el7 | openldap-debuginfo-2.4.40-8.el7.ppc.rpm |
RedHat | 7 | x86_64 | openldap-clients | < 2.4.40-8.el7 | openldap-clients-2.4.40-8.el7.x86_64.rpm |
RedHat | 7 | ppc64le | openldap-servers-sql | < 2.4.40-8.el7 | openldap-servers-sql-2.4.40-8.el7.ppc64le.rpm |
RedHat | 7 | s390x | openldap | < 2.4.40-8.el7 | openldap-2.4.40-8.el7.s390x.rpm |
RedHat | 7 | s390x | openldap-debuginfo | < 2.4.40-8.el7 | openldap-debuginfo-2.4.40-8.el7.s390x.rpm |
RedHat | 7 | aarch64 | openldap | < 2.4.40-8.el7 | openldap-2.4.40-8.el7.aarch64.rpm |
RedHat | 7 | ppc64le | openldap-debuginfo | < 2.4.40-8.el7 | openldap-debuginfo-2.4.40-8.el7.ppc64le.rpm |
RedHat | 7 | ppc64le | openldap-clients | < 2.4.40-8.el7 | openldap-clients-2.4.40-8.el7.ppc64le.rpm |