ALAS-2017-799

Amazon Linux 1 Security Advisory: ALAS-2017-799
Advisory Release Date: 2017-02-14 12:00 Pacific
Advisory Updated Date: 2017-02-14 12:00 Pacific

Severity: Medium

References: CVE-2015-3276
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled.

Affected Packages:

openldap

Issue Correction:
Run yum update openldap to update your system.

New Packages:

i686:
    openldap-debuginfo-2.4.40-12.30.amzn1.i686
    openldap-clients-2.4.40-12.30.amzn1.i686
    openldap-servers-sql-2.4.40-12.30.amzn1.i686
    openldap-2.4.40-12.30.amzn1.i686
    openldap-servers-2.4.40-12.30.amzn1.i686
    openldap-devel-2.4.40-12.30.amzn1.i686

src:
    openldap-2.4.40-12.30.amzn1.src

x86_64:
    openldap-servers-2.4.40-12.30.amzn1.x86_64
    openldap-servers-sql-2.4.40-12.30.amzn1.x86_64
    openldap-clients-2.4.40-12.30.amzn1.x86_64
    openldap-2.4.40-12.30.amzn1.x86_64
    openldap-debuginfo-2.4.40-12.30.amzn1.x86_64
    openldap-devel-2.4.40-12.30.amzn1.x86_64

Additional References

Red Hat: CVE-2015-3276

Mitre: CVE-2015-3276