SUSE-OU-2014:0571-1: Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Apr 24 19:05:14 MDT 2014
SUSE Optional Update: Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap
______________________________________________________________________________
Announcement ID: SUSE-OU-2014:0571-1
Rating: low
References: #843697 #861014 #862623 #864912 #868627 #868629
#870444
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Security Module 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that solves two vulnerabilities and has 5 fixes
is now available.
Description:
This update includes variants of existing libraries built
against OpenSSL 1.0.
As OpenSSL 0.8.9j and OpenSSL 1.0.1 are not binary
compatible, but have the same function names, care must be
taken that they are not loaded by the same program.
As some system libraries also link against libssl.so or
libcrypto.so, these need to be available in variants
linked against OpenSSL 1.0. These libraries are installed
below the /opt/suse/ directory hierarchy.
The version and the APIs of these "shadow" libraries are
exactly the same as the versions in the system, and so are
interchangeable.
For building your OpenSSL 1.0 enabled program, link using
the linkflags
-L/opt/suse/lib64 -Wl, -rpath, /opt/suse/lib64 (on 32bit
systems, use lib instead of lib64).
This update provides variants for the OpenLDAP2 client,
libcurl4 and cyrus-sasl libraries.
Additionally, two bugs have been fixed in openldap2
regarding IPv6 support:
* tls_checkpeer does not work with IPv6 address as
Subject Alternative Name. (bnc#862623)
* getaddrinfo does not return if ldap is used for host
lookups on IPv6 environments. (bnc#843697)
Indications:
Update for optional OpenSSL 1.0.1 built libraries.
Patch Instructions:
To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-compat-libldap-2_3-0-9139
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-compat-libldap-2_3-0-9139
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-compat-libldap-2_3-0-9139
- SUSE Linux Enterprise Security Module 11 SP3:
zypper in -t patch secsp3-compat-libldap-2_3-0-9139
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-compat-libldap-2_3-0-9139
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
openldap2-back-perl-2.4.26-0.28.5
openldap2-devel-2.4.26-0.28.5
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
openldap2-devel-32bit-2.4.26-0.28.5
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
openldap2-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
compat-libldap-2_3-0-2.3.37-2.28.5
libldap-2_4-2-2.4.26-0.28.5
openldap2-2.4.26-0.28.5
openldap2-back-meta-2.4.26-0.28.5
openldap2-client-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
libldap-2_4-2-32bit-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
compat-libldap-2_3-0-2.3.37-2.28.5
libldap-2_4-2-2.4.26-0.28.5
openldap2-2.4.26-0.28.5
openldap2-back-meta-2.4.26-0.28.5
openldap2-client-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
libldap-2_4-2-32bit-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 (ia64):
libldap-2_4-2-x86-2.4.26-0.28.5
- SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64):
cyrus-sasl-openssl1-2.1.22-0.27.6
cyrus-sasl-openssl1-crammd5-2.1.22-0.27.6
cyrus-sasl-openssl1-digestmd5-2.1.22-0.27.6
cyrus-sasl-openssl1-gssapi-2.1.22-0.27.6
cyrus-sasl-openssl1-ntlm-2.1.22-0.27.6
cyrus-sasl-openssl1-otp-2.1.22-0.27.6
cyrus-sasl-openssl1-plain-2.1.22-0.27.6
libcurl4-openssl1-7.19.7-0.38.1
libldap-openssl1-2_4-2-2.4.26-0.28.8
- SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64):
cyrus-sasl-openssl1-32bit-2.1.22-0.27.6
libcurl4-openssl1-32bit-7.19.7-0.38.1
libldap-openssl1-2_4-2-32bit-2.4.26-0.28.8
- SUSE Linux Enterprise Security Module 11 SP3 (ia64):
cyrus-sasl-openssl1-x86-2.1.22-0.27.6
libcurl4-openssl1-x86-7.19.7-0.38.1
libldap-openssl1-2_4-2-x86-2.4.26-0.28.8
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
libldap-2_4-2-2.4.26-0.28.5
openldap2-client-2.4.26-0.28.5
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
libldap-2_4-2-32bit-2.4.26-0.28.5
References:
http://support.novell.com/security/cve/CVE-2014-0138.html
http://support.novell.com/security/cve/CVE-2014-0139.html
https://bugzilla.novell.com/843697
https://bugzilla.novell.com/861014
https://bugzilla.novell.com/862623
https://bugzilla.novell.com/864912
https://bugzilla.novell.com/868627
https://bugzilla.novell.com/868629
https://bugzilla.novell.com/870444
http://download.suse.com/patch/finder/?keywords=ad9327ac719822769a21fdd795af3e1b
More information about the sle-updates
mailing list