openldap-2.4.23-26.AXS4.2
エラータID: AXSA:2012-882:03
リリース日:
2012/09/12 Wednesday - 21:10
題名:
openldap-2.4.23-26.AXS4.2
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenLDAP の libraries/libldap/tls_m.c は,Mozilla NSS backend を使用している場合,TLSCipherSuite を設定しているのにもかかわらず,常にデフォルトの暗号スイートを使用しており,OpenLDAP が意図していたものより弱い暗号を使用し,リモートの攻撃者が機密情報を得る可能性のある脆弱性があります。(CVE-2012-2668)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-2668
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
追加情報:
N/A
ダウンロード:
SRPMS
- openldap-2.4.23-26.AXS4.2.src.rpm
MD5: 19ee1e0218255270af0ec4dc969b60de
SHA-256: 66e240fbd0cbeb8c58b795a60ff550081e17d4409941625bf6114b4d742467d0
Size: 5.04 MB
Asianux Server 4 for x86
- openldap-2.4.23-26.AXS4.2.i686.rpm
MD5: c5b5305205e51070489bacc1535fcd9c
SHA-256: 87e2cf44d77f1abee0e4ae12be07fce2f6aecec526d970193669dbf0f343c0ba
Size: 263.96 kB - openldap-clients-2.4.23-26.AXS4.2.i686.rpm
MD5: e508bb46c1a82f7b401c1648e81607b7
SHA-256: 7d44d6b2b34be0a8f3e7b3a68e9ae28a588f6154dae12b24bc6d05ff87cdfa59
Size: 157.54 kB - openldap-devel-2.4.23-26.AXS4.2.i686.rpm
MD5: c2492850ef874191c9881e56156d0477
SHA-256: 2ab5cea597101b6b5f2bdd10e0150844122cc5ba133e6ff9ce381034bdf21c03
Size: 1.09 MB - openldap-servers-2.4.23-26.AXS4.2.i686.rpm
MD5: a1ab52af1c7d6b70835e6ae373f2b23e
SHA-256: f88ab66bc1032aa3a19930987fd38bfedd358a544fa03c0f57a7f99730ce9a23
Size: 2.00 MB
Asianux Server 4 for x86_64
- openldap-2.4.23-26.AXS4.2.x86_64.rpm
MD5: b2e39dfa79f1a2d502497f85240e7ee5
SHA-256: b1c7b6a4757c6ed76ddf76301f5dd1a5ab041681328f0a11658d95badedcf2c5
Size: 261.48 kB - openldap-clients-2.4.23-26.AXS4.2.x86_64.rpm
MD5: c01391745ace77537be9af2df54ac8b9
SHA-256: a18bf2bbc349a3fcc4a4155bc6ae809210ca2599044a55e541e09a8e44ab0187
Size: 163.06 kB - openldap-devel-2.4.23-26.AXS4.2.x86_64.rpm
MD5: 6c0a193608ab4ffe00dc10af5b573eb7
SHA-256: 99e338c93aa51a810ee8293411ce51e9af026e90a99aabaa50134578f0bbba84
Size: 1.08 MB - openldap-servers-2.4.23-26.AXS4.2.x86_64.rpm
MD5: 07939bf5c9040ce0834bbcda714cccb3
SHA-256: f7aa230a4853f4700ff87c4d8667f21ab0f5fc905c908fcc68d4dd08f5f867d3
Size: 2.01 MB - openldap-2.4.23-26.AXS4.2.i686.rpm
MD5: c5b5305205e51070489bacc1535fcd9c
SHA-256: 87e2cf44d77f1abee0e4ae12be07fce2f6aecec526d970193669dbf0f343c0ba
Size: 263.96 kB - openldap-devel-2.4.23-26.AXS4.2.i686.rpm
MD5: c2492850ef874191c9881e56156d0477
SHA-256: 2ab5cea597101b6b5f2bdd10e0150844122cc5ba133e6ff9ce381034bdf21c03
Size: 1.09 MB