ALAS-2017-799


Amazon Linux AMI Security Advisory: ALAS-2017-799
Advisory Release Date: 2017-02-14 12:00 Pacific
Severity: Medium
References: CVE-2015-3276 

Issue Overview:

A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled.


Affected Packages:

openldap


Issue Correction:
Run yum update openldap to update your system.

New Packages:
i686:
    openldap-debuginfo-2.4.40-12.30.amzn1.i686
    openldap-clients-2.4.40-12.30.amzn1.i686
    openldap-servers-sql-2.4.40-12.30.amzn1.i686
    openldap-2.4.40-12.30.amzn1.i686
    openldap-servers-2.4.40-12.30.amzn1.i686
    openldap-devel-2.4.40-12.30.amzn1.i686

src:
    openldap-2.4.40-12.30.amzn1.src

x86_64:
    openldap-servers-2.4.40-12.30.amzn1.x86_64
    openldap-servers-sql-2.4.40-12.30.amzn1.x86_64
    openldap-clients-2.4.40-12.30.amzn1.x86_64
    openldap-2.4.40-12.30.amzn1.x86_64
    openldap-debuginfo-2.4.40-12.30.amzn1.x86_64
    openldap-devel-2.4.40-12.30.amzn1.x86_64