Fedora alert FEDORA-2011-0320 (libuser)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 13 Update: libuser-0.56.16-1.fc13.2 | |
| Date: | Sat, 22 Jan 2011 20:26:39 +0000 | |
| Message-ID: | <20110122202639.6E47A1105CA@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-0320 2011-01-12 05:02:31 -------------------------------------------------------------------------------- Name : libuser Product : Fedora 13 Version : 0.56.16 Release : 1.fc13.2 URL : https://fedorahosted.org/libuser/ Summary : A user and group account administration library Description : The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. -------------------------------------------------------------------------------- Update Information: Fixes default userPassword value on LDAP; note that this affects only accounts for which the password was not changed later. In addition to installing this update, maintainers of LDAP servers used for authentication should review their LDAP directory for unexpected plaintext userPassword values. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 10 2011 Miloslav Trma? <mitr@redhat.com> - 0.56.16-1.2 - Correctly mark the LDAP default password value as encrypted (CVE-2011-0002) Resolves: #668534 -------------------------------------------------------------------------------- References: [ 1 ] Bug #643227 - CVE-2011-0002 libuser creates LDAP users with a default password https://bugzilla.redhat.com/show_bug.cgi?id=643227 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libuser' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...