[Pkg-openldap-devel] slapd: dangerous access rule in default config
Brian May
brian at microcomaustralia.com.au
Tue Jan 20 00:03:58 UTC 2015
Hello,
I realize we are getting close to a release for Jessie, however I feel that
a security bug that allows changing your user id to 0 using default
configuration from our stable release deserves a security fix, or at least
a security notification asking administrators to check that they are not
vulnerable.
(I only found out about this because it was mentioned at a talk at LCA2015)
Please consider stable users when fixing security issues in unstable.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406
The latest version for wheezy is 2.4.31-1+nmu2, which does have this
problem.
Thanks
--
Brian May <brian at microcomaustralia.com.au>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20150120/33b00c7c/attachment.html>
More information about the Pkg-openldap-devel
mailing list