Security: Incorrect access permissions in sssd
Name: Incorrect access permissions in sssd
ID: FEDORA-2011-5815
Distribution: Fedora
Platforms: Fedora 14
Date: Fri, 6 May 2011, 10:55
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1758
Applications: SSSD

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-5815
2011-04-22 21:00:17
--------------------------------------------------------------------------------

Name        : sssd
Product     : Fedora 14
Version     : 1.5.7
Release     : 1.fc14
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

--------------------------------------------------------------------------------
Update Information:

* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename

* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
- Re-add manpage translations

* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd
- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename

* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
- Re-add manpage translations

* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd
- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1
- New upstream release 1.5.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
- Fixes for several crash bugs
- LDAP group lookups will no longer abort if there is a zero-length member attribute
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist

* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
- New upstream release 1.5.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
- Fixes for Active Directory when not all users and groups have POSIX attributes
- Fixes for handling users and groups that have name aliases (aliases are ignored)
- Fix group memberships after initgroups in the IPA provider

* Fri Mar 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-3
- Fix version requirement on libldb

* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2
- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication

* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1
- New upstream release 1.5.3
- Support for libldb >= 1.0.0

* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1
- New upstream release 1.5.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
- Fixes for support of FreeIPA v2
- Fixes for failover if DNS entries change
- Improved sss_obfuscate tool with better interactive mode
- Fix several crash bugs
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
- Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid)
- Use new Transifex.net translations
- Better support for automatic TGT renewal (now survives restart)
- Netgroup fixes

* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-9
- Fix build against older libldb

* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
- Resolves: rhbz#677768 - name service caches names, so id command shows recently deleted users

* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7
- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf

* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6
- Fix memberOf install path

* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5
- Add support for libldb 1.0.0

* Wed Feb 9 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Feb 1 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3
- Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage

* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2.1
- Remove requirement on krb5-devel 1.9

* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during rpmbuild

* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1
- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup
  - This guarantees that all group information is available to other providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
  - 389 Directory Server
  - FreeIPA
  - ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes

* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins

* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1
- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
  - Provides the kerberos ticket for long-lived processes or cron jobs even when the user logs out
- Added several new features to the LDAP access provider
  - Support for 'shadow' access control
  - Support for authorizedService access control
  - Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those platforms where LDAP referrals are not supported
- Added support for manpage translations

* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3
- Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade

* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2
- Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf

* Mon Nov 1 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1
- New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base

* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2
- Fix incorrect tarball URL

* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1
- New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #697057 - kpasswd fails when using sssd and kadmin server != kdc server
        https://bugzilla.redhat.com/show_bug.cgi?id=697057
  [ 2 ] Bug #700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=700891
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update sssd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce