oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Multiple libraries privilege checking

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 19 Jun 2011 18:38:17 +0200
* Sebastian Krahmer:


The libraries that I had a quick look at and which were found
"vulnerable" are:

- openssl-1.0.0c
- openldap-2.4.23
- cyrus-sasl-2.1.23

which is probably far from complete.


If someone wants to keep track, here's another one:

NSS (the crypto library) has some questionable features controlled by
environment variables.
Previous By Date Next
Previous By Thread Next

Current thread: