Detalji

U radu programskog paketa SSSD uočene su dvije nove ranjivosti. SSSD (eng. System Security Services Daemon) je pozadinski proces čija je primarna funkcija osigurati pristup udaljenim resursima i autentikacijskim mehanizmima. Propust se javlja u "auth_send()" funkciji kada je LDAP autentikacija omogućena. Uspješno iskorištavanje spomenutog propusta omogućuje zaobilaženje autentikacijskih mehanizama putem prazne korisničke lozinke. Korisnicima se preporuča primjena dostupnih programskih rješenja kako bi se zaštitili od navedenog problema.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0337
2011-01-13 17:40:22
--------------------------------------------------------------------------------

Name        : sssd
Product     : Fedora 13
Version     : 1.3.0
Release     : 40.fc13
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

--------------------------------------------------------------------------------
Update Information:

Addresses low-priority CVE-2010-4341: DoS in sssd PAM responder can prevent
logins
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-40
- Bump release to rebuild with patch in source-control
* Tue Jan 11 2011 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-39
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
* Thu Nov 18 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-38
- Solve a shutdown race-condition that sometimes left processes running
* Thu Nov 18 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-37
- Resolves: rhbz#606887 - SSSD stops on upgrade
* Wed Oct 27 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-36
- Fix segfault issue in the kerberos provider
* Mon Oct  4 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-35
- Fix pre and post script requirements
* Mon Oct  4 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-34
- Resolves: rhbz#606887 - sssd stops on upgrade
* Fri Oct  1 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-33
- Resolves: rhbz#626205 - Unable to unlock screen
* Tue Sep 28 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-32
- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
-                         doesn't require it
* Thu Sep 16 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-31
- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
* Tue Aug 24 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.3.0-30
- New upstream version 1.3.0
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection
* Tue Aug 24 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.2-21
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
-                           against LDAP
* Wed Aug  4 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.2-20
- Resolves: rhbz#621307 - Password changes are broken on LDAP
* Tue Aug  3 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.2-19
- Resolves: rhbz#606887 - sssd stops on upgrade
* Mon Aug  2 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.2-18
- New stable upstream version 1.2.2
- The LDAP provider no longer requires access to the LDAP RootDSE. If it is
- unavailable, we will continue on with our best guess
- The LDAP provider will now log issues with TLS and GSSAPI to the syslog
- Significant performance improvement when performing initgroups on users who
- are members of large groups in LDAP.
- The sss_client will now reconnect properly to the SSSD if the daemon is
- restarted.
* Mon Jun 21 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-15
- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of
-                         %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
-                         to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
-                         keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide
* Thu Jun 17 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-13
- Eliminate tight loop when reconnecting to LDAP - rhbz#604961
* Mon May 24 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.0-12
- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
* Tue May 18 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.92-11
- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos
* Fri May  7 2010 Stephen Gallagher <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.1.91-10
- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent
logins
        https://bugzilla.redhat.com/show_bug.cgi?id=661163
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update sssd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh