http://bugzilla.novell.com/show_bug.cgi?id=515659 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de AssignedTo|security-team@suse.de |gjhe@novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User gjhe@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c1 Guanjun He changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gjhe@novell.com --- Comment #1 from Guanjun He 2009-07-16 00:45:48 MDT --- Could you provide the following info? Which version do you update from? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User hdk@dkluenter.de added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c2 --- Comment #2 from Dieter Kluenter 2009-07-16 03:33:20 MDT --- Unfortunately I am not maintaining a local cvs system for rpm updates, so I am not sure which version had been previously installed, it might have been 0.9.8h-28.9.1-x86_64 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User hdk@dkluenter.de added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c4 Dieter Kluenter changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|hdk@dkluenter.de | --- Comment #4 from Dieter Kluenter 2009-07-21 07:30:34 MDT --- No, I don't think so, but I'm not sure about the openssl update intervals. Please note that the certificates in question had been created with an openssl version supplied with openSUSE-10.3. The creation and expiry date is not the culprit because the certifcates will expire in 2012. Only the most recent openssl version is not able to read or supply the subjectAltName attribut value. In order to keep my system running secured I had to recreate a new certificate chain. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User gjhe@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c6 Guanjun He changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | AssignedTo|qa@suse.de |gjhe@novell.com --- Comment #6 from Guanjun He 2009-08-04 21:18:26 MDT --- reopen -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User thomas@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c7 Thomas Biege changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |hdk@dkluenter.de --- Comment #7 from Thomas Biege 2009-08-05 03:15:42 MDT --- Can you give us an example code that cause the error (unable to access subjectAltName) and maybe a copy (same content but self-signed) of the cert, so we can reproduce it. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User hdk@dkluenter.de added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c9 --- Comment #9 from Dieter Kluenter 2009-08-09 02:46:56 MDT --- (In reply to comment #7)

Can you give us an example code that cause the error (unable to access subjectAltName) and maybe a copy (same content but self-signed) of the cert, so we can reproduce it.

It has been the starttls function of all ldap clients, i.e. perl, python and C based. Unfortunately the complete certificate chain has been rebuild, so no old certificates are available anymore. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User meissner@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c11 --- Comment #11 from Marcus Meissner 2009-08-27 06:54:47 MDT --- the bug has not been fully investigated, so it is unclear where the problem is. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=515659 User thomas@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=515659#c14 Thomas Biege changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |CVE-2009-1387: CVSS v2 Base | |Score: 5.0 | |(AV:N/AC:L/Au:N/C:N/I:N/A:P | |) --- Comment #14 from Thomas Biege 2009-10-13 20:41:03 MDT --- CVE-2009-1387: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.