SCIENTIFIC-LINUX-ERRATA Archives

March 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Low: ipa on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Mon, 4 Mar 2013 13:09:53 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (76 lines) 
Synopsis:          Low: ipa security, bug fix and enhancement update
Issue Date:        2013-02-21
CVE Numbers:       CVE-2012-4546
--

It was found that the current default configuration of IPA servers did not
publish correct CRLs (Certificate Revocation Lists). The default 
configuration
specifies that every replica is to generate its own CRL; however, this can
result in inconsistencies in the CRL contents provided to clients from
different Identity Management replicas. More specifically, if a 
certificate is
revoked on one Identity Management replica, it will not show up on another
Identity Management replica. (CVE-2012-4546)
--

SL6
   x86_64
     ipa-client-3.0.0-25.el6.x86_64.rpm
     ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
     ipa-python-3.0.0-25.el6.x86_64.rpm
     ipa-admintools-3.0.0-25.el6.x86_64.rpm
     ipa-server-3.0.0-25.el6.x86_64.rpm
     ipa-server-selinux-3.0.0-25.el6.x86_64.rpm
     ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm
   i386
     ipa-client-3.0.0-25.el6.i686.rpm
     ipa-debuginfo-3.0.0-25.el6.i686.rpm
     ipa-python-3.0.0-25.el6.i686.rpm
     ipa-admintools-3.0.0-25.el6.i686.rpm
     ipa-server-3.0.0-25.el6.i686.rpm
     ipa-server-selinux-3.0.0-25.el6.i686.rpm
     ipa-server-trust-ad-3.0.0-25.el6.i686.rpm

The following packages were added for dependency resolution
SL6
   x86_64
     certmonger-0.61-3.el6.x86_64.rpm
     mod_nss-1.0.8-18.el6.x86_64.rpm
     nss-3.14.0.0-12.el6.i686.rpm
     nss-3.14.0.0-12.el6.x86_64.rpm
     nss-devel-3.14.0.0-12.el6.i686.rpm
     nss-devel-3.14.0.0-12.el6.x86_64.rpm
     nss-pkcs11-devel-3.14.0.0-12.el6.i686.rpm
     nss-pkcs11-devel-3.14.0.0-12.el6.x86_64.rpm
     nss-sysinit-3.14.0.0-12.el6.x86_64.rpm
     nss-tools-3.14.0.0-12.el6.x86_64.rpm
     nss-util-3.14.0.0-2.el6.i686.rpm
     nss-util-3.14.0.0-2.el6.x86_64.rpm
     nss-util-devel-3.14.0.0-2.el6.i686.rpm
     nss-util-devel-3.14.0.0-2.el6.x86_64.rpm
     policycoreutils-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm

   i386
     certmonger-0.61-3.el6.i686.rpm
     mod_nss-1.0.8-18.el6.i686.rpm
     nss-3.14.0.0-12.el6.i686.rpm
     nss-devel-3.14.0.0-12.el6.i686.rpm
     nss-pkcs11-devel-3.14.0.0-12.el6.i686.rpm
     nss-sysinit-3.14.0.0-12.el6.i686.rpm
     nss-tools-3.14.0.0-12.el6.i686.rpm
     nss-util-3.14.0.0-2.el6.i686.rpm
     nss-util-devel-3.14.0.0-2.el6.i686.rpm
     policycoreutils-2.0.83-19.24.el6.i686.rpm
     policycoreutils-gui-2.0.83-19.24.el6.i686.rpm
     policycoreutils-newrole-2.0.83-19.24.el6.i686.rpm
     policycoreutils-python-2.0.83-19.24.el6.i686.rpm
     policycoreutils-sandbox-2.0.83-19.24.el6.i686.rpm


- Scientific Linux Development Team

ATOM RSS1 RSS2