Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 424167 (CVE-2012-2668) - <net-nds/openldap-2.4.35 : weak cyphers lead to possible information leak (CVE-2012-2668)
Summary: <net-nds/openldap-2.4.35 : weak cyphers lead to possible information leak (CV...
Status: RESOLVED FIXED
Alias: CVE-2012-2668
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa]
Keywords:
Depends on: 480304
Blocks:
  Show dependency tree
 
Reported: 2012-06-29 21:12 UTC by GLSAMaker/CVETool Bot
Modified: 2014-07-01 00:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-06-29 21:12:05 UTC
CVE-2012-2668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2668):
  libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when
  using the Mozilla NSS backend, always uses the default cipher suite even
  when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers
  than intended and make it easier for remote attackers to obtain sensitive
  information.
Comment 2 Sergey Popov gentoo-dev Security 2013-10-07 09:27:15 UTC
Added to existing GLSA draft
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-07-01 00:22:12 UTC
This issue was resolved and addressed in
 GLSA 201406-36 at http://security.gentoo.org/glsa/glsa-201406-36.xml
by GLSA coordinator Yury German (BlueKnight).