LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2011-0316 (libuser)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 14 Update: libuser-0.56.18-3.fc14 


Date:
    	      Fri, 21 Jan 2011 23:06:23 +0000


Message-ID:
    	      <20110121230623.B7EAC110856@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0316
2011-01-12 05:02:19
--------------------------------------------------------------------------------

Name        : libuser
Product     : Fedora 14
Version     : 0.56.18
Release     : 3.fc14
URL         : https://fedorahosted.org/libuser/
Summary     : A user and group account administration library
Description :
The libuser library implements a standardized interface for manipulating
and administering user and group accounts.  The library uses pluggable
back-ends to interface to its data sources.

Sample applications modeled after those included with the shadow password
suite are included.

--------------------------------------------------------------------------------
Update Information:

Fixes default userPassword value on LDAP; note that this affects only accounts for which the
password was not changed later. In addition to installing this update, maintainers of LDAP servers
used for authentication should review their LDAP directory for unexpected plaintext userPassword
values.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 10 2011 Miloslav Trma? <mitr@redhat.com> - 0.56.18-3
- Correctly mark the LDAP default password value as encrypted (CVE-2011-0002)
  Resolves: #668534
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643227 - CVE-2011-0002 libuser creates LDAP users with a default password
        https://bugzilla.redhat.com/show_bug.cgi?id=643227
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libuser' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds