SUSE-SU-2015:1077-1: moderate: Security update for openldap2

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jun 18 01:04:59 MDT 2015 

   SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1077-1
Rating:             moderate
References:         #905959 #916897 #916914 
Cross-References:   CVE-2015-1545 CVE-2015-1546
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Legacy Software 12
                    SUSE Linux Enterprise Desktop 12
                     12
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:

   openldap2 was updated to fix two security issues and one non-security bug.

   The following vulnerabilities were fixed:

   * A remote attacker could cause a denial of service through a NULL pointer
     dereference and crash via an empty attribute list in a deref control in
     a search request. (bnc#916897 CVE-2015-1545)
   * A remote attacker could cause a denial of service (crash) via a crafted
     search query with a matched values control. (bnc#916914 CVE-2015-1546)

   The following non-security issue was fixed:

   * Prevent connection-0 (internal connection) from showing up in the
     monitor backend (bnc#905959)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-273=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-273=1

   - SUSE Linux Enterprise Module for Legacy Software 12:

      zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-273=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-273=1

   -  12:

      zypper in -t patch SUSE-SLE-SAP-12-2015-273=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64):

      openldap2-back-perl-2.4.39-16.1
      openldap2-back-perl-debuginfo-2.4.39-16.1
      openldap2-client-debuginfo-2.4.39-16.1
      openldap2-client-debugsource-2.4.39-16.1
      openldap2-debuginfo-2.4.39-16.1
      openldap2-debugsource-2.4.39-16.1
      openldap2-devel-2.4.39-16.1
      openldap2-devel-static-2.4.39-16.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le):

      openldap2-back-perl-2.4.39-15.1
      openldap2-back-perl-debuginfo-2.4.39-15.1
      openldap2-client-debuginfo-2.4.39-15.1
      openldap2-client-debugsource-2.4.39-15.1
      openldap2-debuginfo-2.4.39-15.1
      openldap2-debugsource-2.4.39-15.1
      openldap2-devel-2.4.39-15.1
      openldap2-devel-static-2.4.39-15.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libldap-2_4-2-2.4.39-16.1
      libldap-2_4-2-32bit-2.4.39-16.1
      libldap-2_4-2-debuginfo-2.4.39-16.1
      libldap-2_4-2-debuginfo-32bit-2.4.39-16.1
      openldap2-2.4.39-16.1
      openldap2-back-meta-2.4.39-16.1
      openldap2-back-meta-debuginfo-2.4.39-16.1
      openldap2-client-2.4.39-16.1
      openldap2-client-debuginfo-2.4.39-16.1
      openldap2-client-debugsource-2.4.39-16.1
      openldap2-debuginfo-2.4.39-16.1
      openldap2-debugsource-2.4.39-16.1

   - SUSE Linux Enterprise Server 12 (ppc64le):

      libldap-2_4-2-2.4.39-15.1
      libldap-2_4-2-debuginfo-2.4.39-15.1
      openldap2-2.4.39-15.1
      openldap2-back-meta-2.4.39-15.1
      openldap2-back-meta-debuginfo-2.4.39-15.1
      openldap2-client-2.4.39-15.1
      openldap2-client-debuginfo-2.4.39-15.1
      openldap2-client-debugsource-2.4.39-15.1
      openldap2-debuginfo-2.4.39-15.1
      openldap2-debugsource-2.4.39-15.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):

      compat-libldap-2_3-0-2.3.37-16.1
      compat-libldap-2_3-0-debuginfo-2.3.37-16.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le):

      compat-libldap-2_3-0-2.3.37-15.1
      compat-libldap-2_3-0-debuginfo-2.3.37-15.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libldap-2_4-2-2.4.39-16.1
      libldap-2_4-2-32bit-2.4.39-16.1
      libldap-2_4-2-debuginfo-2.4.39-16.1
      libldap-2_4-2-debuginfo-32bit-2.4.39-16.1
      openldap2-client-2.4.39-16.1
      openldap2-client-debuginfo-2.4.39-16.1
      openldap2-client-debugsource-2.4.39-16.1

   -  12 (x86_64):

      compat-libldap-2_3-0-2.3.37-16.1
      compat-libldap-2_3-0-debuginfo-2.3.37-16.1


References:

   https://www.suse.com/security/cve/CVE-2015-1545.html
   https://www.suse.com/security/cve/CVE-2015-1546.html
   https://bugzilla.suse.com/905959
   https://bugzilla.suse.com/916897
   https://bugzilla.suse.com/916914

More information about the sle-security-updates mailing list