Login
Newsletter
Werbung

Sicherheit: Verwendung schwacher Verschlüsselung in 389-ds-base
Aktuelle Meldungen Distributionen
Name: Verwendung schwacher Verschlüsselung in 389-ds-base
ID: FEDORA-2015-15128
Distribution: Fedora
Plattformen: Fedora 21
Datum: Fr, 9. Oktober 2015, 06:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3230
Applikationen: 389-ds-base

Originalnachricht

Name        : 389-ds-base
Product : Fedora 21
Version : 1.3.3.13
Release : 1.fc21
URL : http://port389.org/
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

-------------------------------------------------------------------------------
-
Update Information:

389-ds-base-1.3.3.13-1.fc21 - release 1.3.3.13 - Ticket 48265 - Complex
filter in a search request doen't work as expected. (regression) - Ticket
47981
- COS cache doesn't properly mark vattr cache as invalid when there are
multiple
suffixes - Ticket 48252 - db2index creates index entry from deleted records -
Ticket 48228 - wrong password check if passwordInHistory is decreased. - Ticket
48252 - db2index creates index entry from deleted records - Ticket 48254 - CLI
db2index fails with usage errors - Ticket 47831 - remove debug logging from
retro cl - Ticket 48245 - Man pages and help for remove-ds.pl doesn't
display
"-a" option - Ticket 47931 - Fix coverity issues - Ticket 47931 -
memberOf &
retrocl deadlocks - Ticket 48228 - wrong password check if passwordInHistory is
decreased. - Ticket 48215 - update dbverify usage in main.c - Ticket 48215 -
update dbverify usage - Ticket 48215 - verify_db.pl doesn't verify DB
specified
by -a option - Ticket 47810 - memberOf plugin not properly rejecting updates -
Ticket 48231 - logconv autobind handling regression caused by 47446 - Ticket
48232 - winsync lastlogon attribute not syncing between DS and AD. - Ticket
48206 - Crash during retro changelog trimming - Ticket 48224 - redux 2 -
logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48226 - In
MMR, double free coould occur under some special condition - Ticket 48224 -
redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48224
- redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket
48224 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48192
- Individual abandoned simple paged results request has no chance to be cleaned
up - Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the
attrinfo
thus following reindexing, as well. - Ticket 48195 - Slow replication when
deleting large quantities of multi-valued attributes - Ticket 48175 - Avoid
using regex in ACL if possible
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1232896 - CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not
enforced server side (regression) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1232896
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update 389-ds-base' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung