Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in 389-admin
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in 389-admin
ID: FEDORA-2015-1711
Distribution: Fedora
Plattformen: Fedora 21
Datum: So, 15. März 2015, 19:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0233

Originalnachricht

Name        : 389-admin
Product : Fedora 21
Version : 1.1.38
Release : 1.fc21
URL : http://port389.org/
Summary : 389 Administration Server (admin)
Description :
389 Administration Server is an HTTP agent that provides management features
for 389 Directory Server. It provides some management web apps that can
be used through a web browser. It provides the authentication, access control,
and CGI utilities used by the console.

-------------------------------------------------------------------------------
-
Update Information:

Release 1.1.38
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Feb 3 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.1.38-1
- bump version to 1.1.38
- Ticket 48024 - repl-monitor invoked from adminserver cgi fails
- Ticket 47995 - Admin Server: source code cleaning
- Ticket 47891 - Admin Server reconfig breaks SSL config
- Ticket 47929 - Admin Server - disable SSLv3 by default
- Ticket 201 - nCipher HSM cannot be configured via the console
- Ticket 47493 - Configuration Tab does not work with FIPS mode enabled
- Ticket 47697 - Resource leak in lib/libdsa/dsalib_updown.c
- Ticket 47860 - register-ds-admin.pl problem when following steps to replicate
o=netscaperoot
- Ticket 47548 - register-ds-admin does not register into remote config ds
- Ticket 47893 - Admin Server should use Sys::Hostname instead Net::Domain
- Ticket 47891 - Admin Server reconfig breaks SSL config
- Ticket 47300 - Update man page for remove-ds-admin.pl
- Ticket 47850 - "nsslapd-allow-anonymous-access: rootdse" makes login
as "admin" fail at the first time
- Ticket 47497 - Admin Express - remove "Security Level"
- Ticket 47495 - admin express: wrong instance creation time
- Ticket 47665 - Create new instance results in setting wrong ACI for the
"cn=config" entry
- Ticket 47478 - No groups file? error restarting Admin server
- Ticket 47300 - [RFE] remove-ds-admin.pl: redesign the behaviour
- Ticket 434 - admin-serv logs filling with "admserv_host_ip_check:
ap_get_remote_host could not resolve <ip address>"
- Ticket 47563 - cannot restart directory server from console
- Ticket 222 - Admin Express issues "Internal Server Error" when the
Config DS is down.
- Ticket 418 - Error with register-ds-admin.pl
- Ticket 377 - Unchecked use of SELinux command Reviewed by: rmeggins
- Ticket 47498 - Error Message for Failed to create the configuration directory
server
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1183153 - CVE-2015-0233 389-admin: multiple /tmp/ file
vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1183153
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update 389-admin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung