LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-ipa-20130304 (ipa)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV"
	<SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV> 


Subject:
    	      Security ERRATA Low: ipa on SL6.x i386/x86_64 


Date:
    	      Mon, 4 Mar 2013 13:09:53 -0600


Message-ID:
    	      <5134F181.5060303@fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:          Low: ipa security, bug fix and enhancement update
Issue Date:        2013-02-21
CVE Numbers:       CVE-2012-4546
--

It was found that the current default configuration of IPA servers did not
publish correct CRLs (Certificate Revocation Lists). The default 
configuration
specifies that every replica is to generate its own CRL; however, this can
result in inconsistencies in the CRL contents provided to clients from
different Identity Management replicas. More specifically, if a 
certificate is
revoked on one Identity Management replica, it will not show up on another
Identity Management replica. (CVE-2012-4546)
--

SL6
   x86_64
     ipa-client-3.0.0-25.el6.x86_64.rpm
     ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
     ipa-python-3.0.0-25.el6.x86_64.rpm
     ipa-admintools-3.0.0-25.el6.x86_64.rpm
     ipa-server-3.0.0-25.el6.x86_64.rpm
     ipa-server-selinux-3.0.0-25.el6.x86_64.rpm
     ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm
   i386
     ipa-client-3.0.0-25.el6.i686.rpm
     ipa-debuginfo-3.0.0-25.el6.i686.rpm
     ipa-python-3.0.0-25.el6.i686.rpm
     ipa-admintools-3.0.0-25.el6.i686.rpm
     ipa-server-3.0.0-25.el6.i686.rpm
     ipa-server-selinux-3.0.0-25.el6.i686.rpm
     ipa-server-trust-ad-3.0.0-25.el6.i686.rpm

The following packages were added for dependency resolution
SL6
   x86_64
     certmonger-0.61-3.el6.x86_64.rpm
     mod_nss-1.0.8-18.el6.x86_64.rpm
     nss-3.14.0.0-12.el6.i686.rpm
     nss-3.14.0.0-12.el6.x86_64.rpm
     nss-devel-3.14.0.0-12.el6.i686.rpm
     nss-devel-3.14.0.0-12.el6.x86_64.rpm
     nss-pkcs11-devel-3.14.0.0-12.el6.i686.rpm
     nss-pkcs11-devel-3.14.0.0-12.el6.x86_64.rpm
     nss-sysinit-3.14.0.0-12.el6.x86_64.rpm
     nss-tools-3.14.0.0-12.el6.x86_64.rpm
     nss-util-3.14.0.0-2.el6.i686.rpm
     nss-util-3.14.0.0-2.el6.x86_64.rpm
     nss-util-devel-3.14.0.0-2.el6.i686.rpm
     nss-util-devel-3.14.0.0-2.el6.x86_64.rpm
     policycoreutils-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
     policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm

   i386
     certmonger-0.61-3.el6.i686.rpm
     mod_nss-1.0.8-18.el6.i686.rpm
     nss-3.14.0.0-12.el6.i686.rpm
     nss-devel-3.14.0.0-12.el6.i686.rpm
     nss-pkcs11-devel-3.14.0.0-12.el6.i686.rpm
     nss-sysinit-3.14.0.0-12.el6.i686.rpm
     nss-tools-3.14.0.0-12.el6.i686.rpm
     nss-util-3.14.0.0-2.el6.i686.rpm
     nss-util-devel-3.14.0.0-2.el6.i686.rpm
     policycoreutils-2.0.83-19.24.el6.i686.rpm
     policycoreutils-gui-2.0.83-19.24.el6.i686.rpm
     policycoreutils-newrole-2.0.83-19.24.el6.i686.rpm
     policycoreutils-python-2.0.83-19.24.el6.i686.rpm
     policycoreutils-sandbox-2.0.83-19.24.el6.i686.rpm


- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds