Bug 619022 - net-nds/openldap: Long list of acceptable CA names breaks encryption
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openldap.org/software/rele...
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-20 08:39 UTC by Agostino Sarubbo
Modified: 2018-05-28 17:54 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2017-05-20 08:39:18 UTC
From ${URL} :

It was found that using openldap with a long list of acceptable CA names might break encryption. Sending the credentials while the handshake 
is complete would cause them to go out unencrypted.

References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861838


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Demetris Nakos (sokan) 2018-05-28 12:41:41 UTC
@maintainer(s):

A patch is available: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=7b5181da8cdd47a13041f9ee36fa9590a0fa6e48.
It has been merged in Debian version 2.4.45+dfsg-1.

Demetris Nakos
-- Gentoo Security Padawan --