Package: debian-edu-config Version: 2.10.65 Severity: important After setting up a system including the 'LTSP-Server' profile, the LTSP chroot's SquashFS image (generated at installation time and used by NBD to provide an LTSP client's root filesystem) doesn't include the LDAP server certificate (pub key). The certificate will only be included in the image if it is rebuilt. As long as this isn't done, a MITM attack is possible. See the discussion in #931413.
Wolfgang
signature.asc
Description: PGP signature
