CVE-2012-2668: cipher suite selection by name can be ignored
Resolves: #825875
parent
fe1c1e0eeb
commit
904778f620
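--- /dev/null
+++ b/openldap-cve-nss-cipher-suite-ignored.patch
@@ -0,0 +1,27 @@
+MozNSS: cipher suite selection by name may be ignored
+
+Author: Tim Strobell <tim.strobell.ctr@nrl.navy.mil>
+Upstream ITS: #7289
+Upstream commit: 4b6bd2c600a79960409499f43a818aa0ca9fe463
+Resolves: #825875 (CVE-2012-2668)
+
+---
+libraries/libldap/tls_m.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 4c18360..d71fec7 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -624,7 +624,7 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
+} else {
+for (i=0; i<ciphernum; i++) {
+if (!strcmp(ciphers_def[i].ossl_name, cipher) &&
+- cipher_list[1] != -1)
++ cipher_list[i] != -1)
+cipher_list[i] = action;
+}
+}
+--
+1.7.10.4
+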
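Review bot: In the loop over `ciphers_def` in nss_parse_ciphers, the corrected guard `cipher_list[i] != -1` still depends on an undocumented sentinel, and the patch adds nothing that would have caught the `[1]`/`[i]` slip. A short comment above the `if`, for example `/* -1 appears to mark a suite that was explicitly excluded; a later name match must not re-enable it (confirm) */`, would make the invariant visible to the next reader; the meaning of -1 is inferred from the guard, since the function starts and ends outside the hunk. The visible lines also take no action when `cipher` matches no `ossl_name`, so it is worth confirming that an unrecognised suite name is reported somewhere rather than dropped. After the rebuild, checking the negotiated suite against a server configured with a by-name cipher list would confirm the fix took effect in the package.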
@ -43,6 +43,7 @@ Patch11: openldap-nss-allow-ca-dbdir-pemfile.patch
|
|||||||
Patch12: openldap-tls-unbind-shutdown-order.patch
|
Patch12: openldap-tls-unbind-shutdown-order.patch
|
||||||
Patch13: openldap-nss-dont-overwrite-verify-cert-error.patch
|
Patch13: openldap-nss-dont-overwrite-verify-cert-error.patch
|
||||||
Patch14: openldap-nss-clean-memory-for-token-pin.patch
|
Patch14: openldap-nss-clean-memory-for-token-pin.patch
|
||||||
|
Patch15: openldap-cve-nss-cipher-suite-ignored.patch
|
||||||
|
|
||||||
# Fedora specific patches
|
# Fedora specific patches
|
||||||
Patch100: openldap-fedora-systemd.patch
|
Patch100: openldap-fedora-systemd.patch
|
||||||
@ -153,6 +154,7 @@ pushd openldap-%{version}
|
|||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
%patch13 -p1
|
%patch13 -p1
|
||||||
%patch14 -p1
|
%patch14 -p1
|
||||||
|
%patch15 -p1
|
||||||
|
|
||||||
%patch100 -p1
|
%patch100 -p1
|
||||||
|
|
||||||
@ -669,6 +671,7 @@ exit 0
|
|||||||
- fix: invalid order of TLS shutdown operations (#808464)
|
- fix: invalid order of TLS shutdown operations (#808464)
|
||||||
- fix: TLS error messages overwriting in tlsm_verify_cert() (#810462)
|
- fix: TLS error messages overwriting in tlsm_verify_cert() (#810462)
|
||||||
- fix: reading pin from file can make all TLS connections hang (#829317)
|
- fix: reading pin from file can make all TLS connections hang (#829317)
|
||||||
|
- CVE-2012-2668: cipher suite selection by name can be ignored (#825875)
|
||||||
|
|
||||||
* Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2
|
* Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2
|
||||||
- fix: nss-tools package is required by the base package, not the server subpackage
|
- fix: nss-tools package is required by the base package, not the server subpackage
|
||||||
|