[OmniOS-discuss] libldap security update
Paul B. Henson
henson at acm.org
Wed Jan 25 20:43:39 UTC 2017
> From: Dan McDonald
> Sent: Tuesday, January 24, 2017 2:57 PM
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1310467
This bug isn't public yet, so referring to it isn't particularly useful :).
> https://hg.mozilla.org/releases/comm-
> aurora/rev/afcaac5233d09dd9b0d7235f9a408b581fda8b19
However, from the fix, it would appear this vulnerability only exists if you
feed the LDAP library untrusted configuration data (such as an LDAP server
URL), so presumably if you are only using the system LDAP libraries for
internal purposes such as nsswitch naming services integration this would
not be a critical update. Please correct me if the secret bug indicates
otherwise :).
Thanks.
More information about the OmniOS-discuss
mailing list