Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap
SUSE Optional Update: Optional OpenSSL 1.0 versions of cyrus-sasl, libcurl4 and libldap
This update includes variants of existing libraries built
against OpenSSL 1.0.
As OpenSSL 0.8.9j and OpenSSL 1.0.1 are not binary
compatible, but have the same function names, care must be
taken that they are not loaded by the same program.
As some system libraries also link against libssl.so or
libcrypto.so, these need to be available in variants
linked against OpenSSL 1.0. These libraries are installed
below the /opt/suse/ directory hierarchy.
The version and the APIs of these "shadow" libraries are
exactly the same as the versions in the system, and so are
interchangeable.
For building your OpenSSL 1.0 enabled program, link using
the linkflags
-L/opt/suse/lib64 -Wl, -rpath, /opt/suse/lib64 (on 32bit
systems, use lib instead of lib64).
This update provides variants for the OpenLDAP2 client,
libcurl4 and cyrus-sasl libraries.
Additionally, two bugs have been fixed in openldap2
regarding IPv6 support:
* tls_checkpeer does not work with IPv6 address as
Subject Alternative Name. (bnc#862623)
* getaddrinfo does not return if ldap is used for host
lookups on IPv6 environments. (bnc#843697)
| Announcement ID: | SUSE-OU-2014:0571-1 |
| Rating: | low |
| References: | #843697 #861014 #862623 #864912 #868627 #868629 #870444 |
| Affected Products: |
An update that solves two vulnerabilities and has 5 fixes is now available.
Description:
This update includes variants of existing libraries built
against OpenSSL 1.0.
As OpenSSL 0.8.9j and OpenSSL 1.0.1 are not binary
compatible, but have the same function names, care must be
taken that they are not loaded by the same program.
As some system libraries also link against libssl.so or
libcrypto.so, these need to be available in variants
linked against OpenSSL 1.0. These libraries are installed
below the /opt/suse/ directory hierarchy.
The version and the APIs of these "shadow" libraries are
exactly the same as the versions in the system, and so are
interchangeable.
For building your OpenSSL 1.0 enabled program, link using
the linkflags
-L/opt/suse/lib64 -Wl, -rpath, /opt/suse/lib64 (on 32bit
systems, use lib instead of lib64).
This update provides variants for the OpenLDAP2 client,
libcurl4 and cyrus-sasl libraries.
Additionally, two bugs have been fixed in openldap2
regarding IPv6 support:
* tls_checkpeer does not work with IPv6 address as
Subject Alternative Name. (bnc#862623)
* getaddrinfo does not return if ldap is used for host
lookups on IPv6 environments. (bnc#843697)
Indications:
Update for optional OpenSSL 1.0.1 built libraries.
Patch Instructions:
To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Security Module 11 SP3:
zypper in -t patch secsp3-compat-libldap-2_3-0-9139 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-compat-libldap-2_3-0-9139
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- openldap2-back-perl-2.4.26-0.28.5
- openldap2-devel-2.4.26-0.28.5
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
- openldap2-devel-32bit-2.4.26-0.28.5
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
- openldap2-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
- compat-libldap-2_3-0-2.3.37-2.28.5
- libldap-2_4-2-2.4.26-0.28.5
- openldap2-2.4.26-0.28.5
- openldap2-back-meta-2.4.26-0.28.5
- openldap2-client-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
- libldap-2_4-2-32bit-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- compat-libldap-2_3-0-2.3.37-2.28.5
- libldap-2_4-2-2.4.26-0.28.5
- openldap2-2.4.26-0.28.5
- openldap2-back-meta-2.4.26-0.28.5
- openldap2-client-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
- libldap-2_4-2-32bit-2.4.26-0.28.5
- SUSE Linux Enterprise Server 11 SP3 (ia64):
- libldap-2_4-2-x86-2.4.26-0.28.5
- SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- cyrus-sasl-openssl1-2.1.22-0.27.6
- cyrus-sasl-openssl1-crammd5-2.1.22-0.27.6
- cyrus-sasl-openssl1-digestmd5-2.1.22-0.27.6
- cyrus-sasl-openssl1-gssapi-2.1.22-0.27.6
- cyrus-sasl-openssl1-ntlm-2.1.22-0.27.6
- cyrus-sasl-openssl1-otp-2.1.22-0.27.6
- cyrus-sasl-openssl1-plain-2.1.22-0.27.6
- libcurl4-openssl1-7.19.7-0.38.1
- libldap-openssl1-2_4-2-2.4.26-0.28.8
- SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64):
- cyrus-sasl-openssl1-32bit-2.1.22-0.27.6
- libcurl4-openssl1-32bit-7.19.7-0.38.1
- libldap-openssl1-2_4-2-32bit-2.4.26-0.28.8
- SUSE Linux Enterprise Security Module 11 SP3 (ia64):
- cyrus-sasl-openssl1-x86-2.1.22-0.27.6
- libcurl4-openssl1-x86-7.19.7-0.38.1
- libldap-openssl1-2_4-2-x86-2.4.26-0.28.8
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- libldap-2_4-2-2.4.26-0.28.5
- openldap2-client-2.4.26-0.28.5
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
- libldap-2_4-2-32bit-2.4.26-0.28.5
References:
- http://support.novell.com/security/cve/CVE-2014-0138.html
- http://support.novell.com/security/cve/CVE-2014-0139.html
- https://bugzilla.novell.com/843697
- https://bugzilla.novell.com/861014
- https://bugzilla.novell.com/862623
- https://bugzilla.novell.com/864912
- https://bugzilla.novell.com/868627
- https://bugzilla.novell.com/868629
- https://bugzilla.novell.com/870444
- http://download.suse.com/patch/finder/?keywords=ad9327ac719822769a21fdd795af3e1b