Kod programske biblioteke libuser, namijenjene operacijskim sustavima Fedora 13 i 14, uočen je novi sigurnosni propust. Spomenuta biblioteka implementira standardizirano sučelje za upravljanje i administraciju korisničkih računa i grupa. Propust se može pojaviti zbog nepravilnog postavljanja zapisa ulazne zaporke kod stvaranja novih LDAP (eng. Lightweight Directory Access Protocol) korisnika. Na taj se način može olakšati udaljenom napadaču pristup osjetljivim informacijama. Kako se ovaj propust ne bi iskoristio, svi se korisnici ranjivog sustava upućuju na korištenje dostupne programske nadogradnje.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0320
2011-01-12 05:02:31
--------------------------------------------------------------------------------
Name : libuser
Product : Fedora 13
Version : 0.56.16
Release : 1.fc13.2
URL : https://fedorahosted.org/libuser/
Summary : A user and group account administration library
Description :
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. The library uses pluggable
back-ends to interface to its data sources.
Sample applications modeled after those included with the shadow password
suite are included.
--------------------------------------------------------------------------------
Update Information:
Fixes default userPassword value on LDAP; note that this affects only accounts
for which the password was not changed later.
In addition to installing this update, maintainers of LDAP servers used for
authentication should review their LDAP directory for unexpected plaintext
userPassword values.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 10 2011 Miloslav TrmaÄ? <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.56.16-1.2
- Correctly mark the LDAP default password value as encrypted (CVE-2011-0002)
Resolves: #668534
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643227 - CVE-2011-0002 libuser creates LDAP users with a default
password
https://bugzilla.redhat.com/show_bug.cgi?id=643227
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libuser' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0316
2011-01-12 05:02:19
--------------------------------------------------------------------------------
Name : libuser
Product : Fedora 14
Version : 0.56.18
Release : 3.fc14
URL : https://fedorahosted.org/libuser/
Summary : A user and group account administration library
Description :
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. The library uses pluggable
back-ends to interface to its data sources.
Sample applications modeled after those included with the shadow password
suite are included.
--------------------------------------------------------------------------------
Update Information:
Fixes default userPassword value on LDAP; note that this affects only accounts
for which the password was not changed later. In addition to installing this
update, maintainers of LDAP servers used for authentication should review their
LDAP directory for unexpected plaintext userPassword values.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 10 2011 Miloslav TrmaÄ? <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.56.18-3
- Correctly mark the LDAP default password value as encrypted (CVE-2011-0002)
Resolves: #668534
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643227 - CVE-2011-0002 libuser creates LDAP users with a default
password
https://bugzilla.redhat.com/show_bug.cgi?id=643227
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libuser' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke