Security: Insufficient permission check in 389-ds-base
Name: Insufficient permission check in 389-ds-base
ID: FEDORA-2012-20156
Distribution: Fedora
Platforms: Fedora 16
Date: Tue, 15 January 2013, 14:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4450
Applications: 389 Directory Server

Original message
Name        : 389-ds-base
Product     : Fedora 16
Version     : 1.2.10.24
Release     : 1.fc16
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
--------------------------------------------------------------------------------
Update Information:

Here is where you give an explanation of your update. Here is where you give an explanation of your update. cleanallruv support - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 10 2012 Mark Reynolds <mreynolds@redhat.com> - 1-2.10.24-1
- Bumped version to 1.2.10.24
* Mon Nov 12 2012 Mark Reynolds <mreynolds@redhat.com> - 1.2.10.17 - 1.2.10.23
- Final CLEANALLRUV changes
* Thu Oct 18 2012 Mark Reynolds <mreynolds@redhat.com> - 1.2.10.16-1
- 569c2d3 bump version to 1.2.10.16
- Ticket 403 - CLEANALLRUV - minor fixes and add support for replica-force-cleaning
* Tue Oct 16 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.15-1
- Trac Ticket #340 - Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes
- 7bbaf35 COVERITY FIXES in replica_execute_cleanall_ruv_task
- 1f356fa CLEANALLRUV - remove calls to agmt_get_enabled because this feature is not in 1.2.10
- Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang
- Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas
- Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement
- 8545947 CLEANALLRUV coverity fixes
- Ticket 403 - fix CLEANALLRUV regression from last commit
- Ticket 403 - CLEANALLRUV revisions
- Ticket 403 - cleanallruv coverity fixes
- Ticket 403 - CLEANALLRUV feature
- 4753f97 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns
- b3f5a71 Coverity Fix
- Ticket 368 - Make the cleanAllRUV task one step
- Ticket #337 - Improve CLEANRUV task
- Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return
- Ticket #337 - RFE - Improve CLEANRUV functionality
* Wed Jul 18 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.14-1
- Ticket #410 - Referential integrity plug-in does not work when update interval is not zero
* Mon Jul 16 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.13-1
- Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled
- Ticket #405 - referint modrdn not working if case is different
* Wed Jun 27 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.12-1
- Ticket 378 - unhashed#user#password visible after changing password - fix typo in previous patch
- Trac Ticket 396 - Account Usability Control Not Working
* Thu Jun 21 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.11-1
- Ticket #378 - audit log does not log unhashed password: enabled, by default.
- Ticket #378 - unhashed#user#password visible after changing password
- Ticket #365 - passwords in clear text in the audit log
* Mon Jun 18 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.10-1
- Ticket #390 - [abrt] 389-ds-base-1.2.10.6-1.fc16: slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
* Thu May 24 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.9-1
- Ticket #382 - DS Shuts down intermittently
- Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress
- Bug #361: Bad DNs in ACIs can segfault ns-slapd
- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object
* Thu May 3 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.8-1
- Ticket #348 - crash in ldap_initialize with multiple threads - previous fix would crash in ldclt - this fixes that crash
* Mon Apr 30 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.7-1
- Ticket #348 - crash in ldap_initialize with multiple threads
- Ticket #347 - IPA dirsvr seg-fault during system longevity test
* Tue Apr 10 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.6-1
- Bug 808770 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) - typo in previous patch
* Tue Apr 10 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.5-1
- Bug 808770 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV) - same as Ticket #336
* Wed Mar 21 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.4-2
- get rid of posttrans - move update code to post
* Tue Mar 13 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.4-1
- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash
* Mon Mar 5 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.3-1
- b05139b memleak in normalize_mods2bvals
- c0eea24 memleak in mep_parse_config_entry
- 90bc9eb handle null smods
- Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash
- Ticket #306 - void function cannot return value
- ticket 304 - Fix kernel version checking in dsktune
* Thu Feb 23 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.2-1
- Trac Ticket #298 - crash when replicating orphaned tombstone entry
- Ticket #281 - TLS not working with latest openldap
- Trac Ticket #290 - server hangs during shutdown if betxn pre/post op fails
- Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse
- Ticket #124 - add Provides: ldif2ldbm to rpm
* Tue Feb 14 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.1-1
- Ticket #294 - 389 DS Segfaults during replica install in FreeIPA
* Mon Feb 13 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10.0-1
- Ticket 284 - Remove unnecessary SNMP MIB files
- Ticket 51 - memory leaks in 389-ds-base-1.2.8.2-1.el5?
- Ticket 175 - logconv.pl improvements
* Thu Feb 2 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10-0.10.rc1
- ad9dd30 coverity 12488 Resource leak In attr_index_config(): Leak of memory or pointers to system resources
- Ticket #281 - TLS not working with latest openldap
- Ticket #280 - extensible binary filters do not work
- Ticket #279 - filter normalization does not use matching rules
- Trac Ticket #275 - Invalid read reported by valgrind
- Ticket #277 - cannot set repl referrals or state
- Ticket #278 - Schema replication update failed: Invalid syntax
- Ticket #39 - Account Policy Plugin does not work for simple binds when PAM Pass Through Auth plugin is enabled
- Ticket #13 - slapd process exits when put the database on read only mode while updates are coming to the server
- Ticket #87 - Manpages fixes
- c493fb4 fix a couple of minor coverity issues
- Ticket #55 - Limit of 1024 characters for nsMatchingRule
- Trac Ticket #274 - Reindexing entryrdn fails if ancestors are also tombstoned
- Ticket #6 - protocol error from proxied auth operation
- Ticket #38 - nisDomain schema is incorrect
- Ticket #273 - ruv tombstone searches don't work after reindex entryrdn
- Ticket #29 - Samba3-schema is missing sambaTrustedDomainPassword
- Ticket #22 - RFE: Support sendmail LDAP routing schema
- Ticket #161 - Review and address latest Coverity issues
- Ticket #140 - incorrect memset parameters
- Trac Ticket 35 - Log not clear enough on schema errors
- Trac Ticket 139 - eliminate the use of char *dn in favor of Slapi_DN *dn
- Trac Ticket #52 - FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given
* Tue Jan 24 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10-0.9.a8
- Ticket #272 - add tombstonenumsubordinates to schema
* Mon Jan 23 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10-0.8.a7
- fixes for systemd - remove .pid files after shutting down servers
- Ticket #263 - add systemd include directive
- Ticket #264 - upgrade needs better check for "server is running"
* Fri Jan 20 2012 Rich Megginson <rmeggins@redhat.com> - 1.2.10-0.7.a7
- Ticket #262 - pid file not removed with systemd
- Ticket #50 - server should not call a plugin after the plugin close function is called
- Ticket #18 - Data inconsistency during replication
- Ticket #49 - better handling for server shutdown while long running tasks are active
- Ticket #15 - Get rid of rwlock.h/rwlock.c and just use slapi_rwlock instead
- Ticket #257 - repl-monitor doesn't work if leftmost hostnames are the same
- Ticket #12 - 389 DS DNA Plugin / Replication failing on GSSAPI
- 6aaeb77 add a hack to disable sasl hostname canonicalization
- Ticket 168 - minssf should not apply to rootdse
- Ticket #177 - logconv.pl doesn't detect restarts
- Ticket #159 - Managed Entry Plugin runs against managed entries upon any update without validating
- Ticket 75 - Unconfigure plugin operations are being called.
- Ticket 26 - Please support setting defaultNamingContext in the rootdse.
- Ticket #71 - unable to delete managed entry config
- Ticket #167 - Mixing transaction and non-transaction plugins can cause deadlock
- Ticket #256 - debug build assertion in ACL_EvalDestroy()
- Ticket #4 - bak2db gets stuck in infinite loop
- Ticket #162 - Infinite loop / spin inside strcmpi_fast, acl_read_access_allowed_on_attr, server DoS
- Ticket #3: acl cache overflown problem
- Ticket 1 - pre-normalize filter and pre-compile substring regex - and other optimizations
- Ticket 2 - If node entries are tombstone'd, subordinate entries fail to get the full DN.
* Thu Dec 15 2011 Rich Megginson <rmeggins@redhat.com> - 1.2.10-0.6.a6
- Bug 755725 - 389 programs linked against openldap crash during shutdown
- Bug 755754 - Unable to start dirsrv service using systemd
- Bug 745259 - Incorrect entryUSN index under high load in replicated environment
- d439e3a use slapi_hexchar2int and slapi_str_to_u8 everywhere
- 5910551 csn_init_as_string should not use sscanf
- b53ba00 reduce calls to csn_as_string and slapi_log_error
- c897267 fix member variable name error in slapi_uniqueIDFormat
- 66808e5 uniqueid formatting - use slapi_u8_to_hex instead of sprintf
- 580a875 csn_as_string - use slapi_uN_to_hex instead of sprintf
- Bug 751645 - crash when simple paged fails to send entry to client
- Bug 752155 - Use restorecon after creating init script lock file
* Fri Nov 4 2011 Rich Megginson <rmeggins@redhat.com> - 1.2.10-0.5.a5
- Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD'
- Bug 750625 750624 750622 744946 Coverity issues
- Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication
- Bug 748575 - rhds81 modrn operation and 100% cpu use in replication
- Bug 745259 - Incorrect entryUSN index under high load in replicated environment
- f639711 Reduce the number of DN normalization
- c06a8fa Keep unhashed password pseudo-attribute in the adding entry
- Bug 744945 - nsslapd-counters attribute value cannot be set to "off"
- 8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular
- d316a67 Change referential integrity to be a betxnpostoperation plugin
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #340 - procps-1.2.9 bug fix - sorting in reverse order w/short options
        https://bugzilla.redhat.com/show_bug.cgi?id=340
  [ 2 ] Bug #491 - Video mode deselects back to 25x80 on startup of Inetd
        https://bugzilla.redhat.com/show_bug.cgi?id=491
  [ 3 ] Bug #337 - "unqualified hostname unknown" and "unable to qualify my own domainname"
        https://bugzilla.redhat.com/show_bug.cgi?id=337
  [ 4 ] Bug #353 - NFS install over PLIP does not work properly.
        https://bugzilla.redhat.com/show_bug.cgi?id=353
  [ 5 ] Bug #860608 - CVE-2012-4450 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=860608
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update 389-ds-base' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce