OracleVM 3.2 : openldap (OVMSA-2016-0069)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- CVE-2015-6908 openldap: ber_get_next denial of service
vulnerability (#1263170)

- fix: syncprov psearch race condition (#999811)

- fix: CVE-2013-4449 segfault on certain queries with rwm
overlay (#1064146)

- fix: do not send IPv6 DNS queries when IPv6 is disabled
on the host (#812772)

- fix: disable static libraries stripping (#684630)

- fix: memory leaks in syncrepl and slap_sl_free (#741184)

- new feature update: honor priority/weight with
ldap_domain2hostlist (#733435)

- fix: initscript marked as %config incorrectly (#738768)

- new feature: honor priority/weight with
ldap_domain2hostlist (#733435)

- fix: strict aliasing warnings during package build

- fix: OpenLDAP packages lack debug data (#684630)

- doc: Document preferred use of TLS_CACERT instead of
TLS_CACERTDIR to specify Certificate Authorities

- fix: libldap ignores a directory of CA certificates if
any of them can't be read (#609722)

- fix: Migration: can't handle
duplicate entries (#563148)

- fix: Init script is working wrong if database recovery
is needed (#604092)

- fix: CVE-2011-1024 ppolicy forwarded bind failure
messages cause success (#680486)

- fix: slapd concurrent access to connections causes slapd
to silently die (#641953)

- backport: ldap_init_fd API function

- fix: ppolicy crash while replace-deleting userPassword
attribute (#665951)

- fix: connection freeze when using TLS (#591419)

- don't remove task twice during replication

- fixed segfault issues in modrdn (#606375)

- added patch handling null char in TLS to compat package
(#606375, patch backported by Jan Vcelak)

Solution :

Update the affected openldap / openldap-clients packages.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 91749

Bugtraq ID: 46363

CVE ID: CVE-2011-1024
