Bug 825875 (CVE-2012-2668)
Summary: | CVE-2012-2668 openldap: does not honor TLSCipherSuite settings | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | ccsadmins, dspurek, jlieskov, jsynacek, jvcelak, rmeggins, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2012-08-08 17:43:15 UTC | Type: | --- |
Bug Depends On: | 822979, 829481, 844725 | ||
Bug Blocks: | 802520, 825876 |
Description
Vincent Danen
2012-05-28 21:15:44 UTC
This does seem to affect upstream, based on the proposed patch to fix it.

From libraries/libldap/tls_m.c in OpenLDAP 2.4.23:

```c
if ( lt->lt_ciphersuite &&
     tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
    Debug( LDAP_DEBUG_ANY,
           "TLS: could not set cipher list %s.\n",
           lt->lt_ciphersuite, 0, 0 );
    return -1;
}
```

Someone was quicker: http://www.openldap.org/its/index.cgi?findid=7285

Added CVE as per http://www.openwall.com/lists/oss-security/2012/06/06/1

Debian bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309

Created openldap tracking bugs for this issue

Affects: fedora-all [bug 829481]

openldap-2.4.31-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

openldap-2.4.26-8.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2012:1151 https://rhn.redhat.com/errata/RHSA-2012-1151.html

Statement:

This issue did not affect the version of openldap as shipped with Red Hat Enterprise Linux 5, as it does not use the Mozilla NSS backend.