[Pkg-openldap-devel] slapd: dangerous access rule in default config

Brian May brian at microcomaustralia.com.au
Tue Jan 20 00:03:58 UTC 2015


Hello,

I realize we are getting close to a release for Jessie, however I feel that
a security bug that allows changing your user id to 0 using default
configuration from our stable release deserves a security fix, or at least
a security notification asking administrators to check that they are not
vulnerable.

(I only found out about this because it was mentioned at a talk at LCA2015)

Please consider stable users when fixing security issues in unstable.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406

The latest version for wheezy is 2.4.31-1+nmu2, which does have this
problem.

Thanks
-- 
Brian May <brian at microcomaustralia.com.au>