[OmniOS-discuss] libldap security update
Dan McDonald
danmcd at omniti.com
Wed Jan 25 20:47:59 UTC 2017
> On Jan 25, 2017, at 3:43 PM, Paul B. Henson <henson at acm.org> wrote:
>
> However, from the fix, it would appear this vulnerability only exists if you
> feed the LDAP library untrusted configuration data (such as an LDAP server
> URL), so presumably if you are only using the system LDAP libraries for
> internal purposes such as nsswitch naming services integration this would
> not be a critical update. Please correct me if the secret bug indicates
> otherwise :).
That sounds correct. The secret bug didn't have much else beyond embargo considerations, from what I remember seeing.
Dan