Synopsis:          Low: openldap security and bug fix update
Issue Date:        2012-08-08
CVE Numbers:       CVE-2012-2668

It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite
settings. This resulted in the default cipher suite always being used,
which could lead to weaker than expected ciphers being accepted during
Transport Layer Security (TLS) negotiation with OpenLDAP clients.
(CVE-2012-2668)

This update also fixes the following bug:

- When the smbk5pwd overlay was enabled in an OpenLDAP server, and a user
changed their password, the Microsoft NT LAN Manager (NTLM) and Microsoft
LAN Manager (LM) hashes were not computed correctly. This led to the
sambaLMPassword and sambaNTPassword attributes being updated with incorrect
values, preventing the user logging in using a Windows-based client or a
Samba client.

With this update, the smbk5pwd overlay is linked against OpenSSL. As such,
the NTLM and LM hashes are computed correctly, and password changes work as
expected when using smbk5pwd. (BZ#844428)

After installing this update, the OpenLDAP daemons will be restarted automatically.

SL6
   x86_64
     openldap-2.4.23-26.el6_3.2.i686.rpm
     openldap-2.4.23-26.el6_3.2.x86_64.rpm
     openldap-clients-2.4.23-26.el6_3.2.x86_64.rpm
     openldap-devel-2.4.23-26.el6_3.2.i686.rpm
     openldap-devel-2.4.23-26.el6_3.2.x86_64.rpm
     openldap-servers-2.4.23-26.el6_3.2.x86_64.rpm
     openldap-servers-sql-2.4.23-26.el6_3.2.x86_64.rpm
   i386
     openldap-2.4.23-26.el6_3.2.i686.rpm
     openldap-clients-2.4.23-26.el6_3.2.i686.rpm
     openldap-devel-2.4.23-26.el6_3.2.i686.rpm
     openldap-servers-2.4.23-26.el6_3.2.i686.rpm
     openldap-servers-sql-2.4.23-26.el6_3.2.i686.rpm

- Scientific Linux Development Team