SUSE-OU-2014:0571-1: Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap

sle-updates at lists.suse.com
Thu Apr 24 19:05:14 MDT 2014


   SUSE Optional Update: Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap
______________________________________________________________________________

Announcement ID:    SUSE-OU-2014:0571-1
Rating:             low
References:         #843697 #861014 #862623 #864912 #868627 #868629 
                    #870444 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Security Module 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has 5 fixes
   is now available.

Description:


   This update includes variants of existing libraries built
   against OpenSSL 1.0.

   As OpenSSL 0.9.8j and OpenSSL 1.0.1 are not binary
   compatible, but have the same function names, care must be
   taken that they are not loaded by the same program.

   As some system libraries also link against libssl.so or
   libcrypto.so, these need to be available in variants
   linked against OpenSSL 1.0. These libraries are installed
   below the /opt/suse/ directory hierarchy.

   The version and the APIs of these "shadow" libraries are
   exactly the same as the versions in the system, and so are
   interchangeable.

   For building your OpenSSL 1.0 enabled program, link using
   the linkflags

      -L/opt/suse/lib64 -Wl,-rpath,/opt/suse/lib64

   (on 32bit systems, use lib instead of lib64).
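
   An added check, not part of the SUSE announcement: the shell functions
   below classify `ldd` output by which OpenSSL ABI a binary resolves and
   list libcurl, libldap, liblber or libsasl2 copies resolved outside
   /opt/suse. The sonames libssl.so.0.9.8 and libssl.so.1.0.0, the function
   names and all paths in the sample output are assumptions constructed
   for illustration.

```shell
#!/bin/sh
# Added example (not from the SUSE announcement). Sonames and sample
# paths below are assumptions constructed for illustration.

# Classify ldd-style lines on stdin by the OpenSSL ABI they resolve.
# Prints one of: none | openssl-0.9.8 | openssl-1.0 | mixed
openssl_abi_check() {
    awk '
        $1 ~ /^lib(ssl|crypto)\.so\.0\.9\.8$/ { v098 = 1 }
        $1 ~ /^lib(ssl|crypto)\.so\.1\.0\.0$/ { v100 = 1 }
        END {
            if (v098 && v100) print "mixed"
            else if (v100)    print "openssl-1.0"
            else if (v098)    print "openssl-0.9.8"
            else              print "none"
        }'
}

# List libraries that have a shadow variant under /opt/suse but were
# resolved from elsewhere (a copy built against the system OpenSSL).
non_shadow_libs() {
    awk '$1 ~ /^lib(curl|ldap|lber|sasl2)[-.]/ && $2 == "=>" &&
         $3 !~ /^\/opt\/suse\// { print $1 }'
}

# Constructed sample: rpath missing, so the system libcurl is picked up.
sample_mixed() {
    cat <<'EOF'
    libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007f0000001000)
    libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f0000002000)
    libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f0000003000)
    libssl.so.0.9.8 => /usr/lib64/libssl.so.0.9.8 (0x00007f0000004000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000005000)
EOF
}

# Constructed sample: linked with the rpath flags, shadow libcurl in use.
sample_clean() {
    cat <<'EOF'
    libcurl.so.4 => /opt/suse/lib64/libcurl.so.4 (0x00007f0000001000)
    libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f0000002000)
    libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f0000003000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000005000)
EOF
}

sample_mixed | openssl_abi_check   # mixed
sample_clean | openssl_abi_check   # openssl-1.0
```

   To check a real binary, pipe `ldd /path/to/binary` into either function.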

   This update provides variants for the OpenLDAP2 client,
   libcurl4 and cyrus-sasl libraries.

   Additionally, two bugs have been fixed in openldap2
   regarding IPv6 support:

   * tls_checkpeer does not work with IPv6 address as
   Subject Alternative Name. (bnc#862623)
   * getaddrinfo does not return if ldap is used for host
   lookups on IPv6 environments. (bnc#843697)

Indications:

   Update for optional OpenSSL 1.0.1 built libraries.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-compat-libldap-2_3-0-9139

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-compat-libldap-2_3-0-9139

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-compat-libldap-2_3-0-9139

   - SUSE Linux Enterprise Security Module 11 SP3:

      zypper in -t patch secsp3-compat-libldap-2_3-0-9139

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-compat-libldap-2_3-0-9139

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      openldap2-back-perl-2.4.26-0.28.5
      openldap2-devel-2.4.26-0.28.5

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

      openldap2-devel-32bit-2.4.26-0.28.5

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      openldap2-2.4.26-0.28.5

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      compat-libldap-2_3-0-2.3.37-2.28.5
      libldap-2_4-2-2.4.26-0.28.5
      openldap2-2.4.26-0.28.5
      openldap2-back-meta-2.4.26-0.28.5
      openldap2-client-2.4.26-0.28.5

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libldap-2_4-2-32bit-2.4.26-0.28.5

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      compat-libldap-2_3-0-2.3.37-2.28.5
      libldap-2_4-2-2.4.26-0.28.5
      openldap2-2.4.26-0.28.5
      openldap2-back-meta-2.4.26-0.28.5
      openldap2-client-2.4.26-0.28.5

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libldap-2_4-2-32bit-2.4.26-0.28.5

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libldap-2_4-2-x86-2.4.26-0.28.5

   - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      cyrus-sasl-openssl1-2.1.22-0.27.6
      cyrus-sasl-openssl1-crammd5-2.1.22-0.27.6
      cyrus-sasl-openssl1-digestmd5-2.1.22-0.27.6
      cyrus-sasl-openssl1-gssapi-2.1.22-0.27.6
      cyrus-sasl-openssl1-ntlm-2.1.22-0.27.6
      cyrus-sasl-openssl1-otp-2.1.22-0.27.6
      cyrus-sasl-openssl1-plain-2.1.22-0.27.6
      libcurl4-openssl1-7.19.7-0.38.1
      libldap-openssl1-2_4-2-2.4.26-0.28.8

   - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64):

      cyrus-sasl-openssl1-32bit-2.1.22-0.27.6
      libcurl4-openssl1-32bit-7.19.7-0.38.1
      libldap-openssl1-2_4-2-32bit-2.4.26-0.28.8

   - SUSE Linux Enterprise Security Module 11 SP3 (ia64):

      cyrus-sasl-openssl1-x86-2.1.22-0.27.6
      libcurl4-openssl1-x86-7.19.7-0.38.1
      libldap-openssl1-2_4-2-x86-2.4.26-0.28.8

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      libldap-2_4-2-2.4.26-0.28.5
      openldap2-client-2.4.26-0.28.5

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libldap-2_4-2-32bit-2.4.26-0.28.5


References:

   http://support.novell.com/security/cve/CVE-2014-0138.html
   http://support.novell.com/security/cve/CVE-2014-0139.html
   https://bugzilla.novell.com/843697
   https://bugzilla.novell.com/861014
   https://bugzilla.novell.com/862623
   https://bugzilla.novell.com/864912
   https://bugzilla.novell.com/868627
   https://bugzilla.novell.com/868629
   https://bugzilla.novell.com/870444
   http://download.suse.com/patch/finder/?keywords=ad9327ac719822769a21fdd795af3e1b


