drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in sssd
Name: |
Denial of Service in sssd |
|
ID: |
FEDORA-2011-0364 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 14 |
|
Datum: |
Sa, 22. Januar 2011, 07:33 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4341 |
|
Applikationen: |
SSSD |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-0364 2011-01-13 17:41:18 ------------------------------------------------------------------------------- -
Name : sssd Product : Fedora 14 Version : 1.5.0 Release : 2.fc14 URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon Description : Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.
------------------------------------------------------------------------------- - Update Information:
Addresses low-priority CVE-2010-4341: DoS in sssd PAM responder can prevent logins ------------------------------------------------------------------------------- - ChangeLog:
* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2 - CVE-2010-4341 - DoS in sssd PAM responder can prevent logins * Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations * Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3 - Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade * Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2 - Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf * Mon Nov 1 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1 - New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base * Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2 - Fix incorrect tarball URL * Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1 - New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins https://bugzilla.redhat.com/show_bug.cgi?id=661163 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update sssd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|