Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
 Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 14 Update: libuser-0.56.18-3.fc14
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Friday 21st January 2011 23:06:23 UTC (over 6 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0316
2011-01-12 05:02:19
--------------------------------------------------------------------------------

Name        : libuser
Product     : Fedora 14
Version     : 0.56.18
Release     : 3.fc14
URL         : https://fedorahosted.org/libuser/
Summary     : A user and group account administration library
Description :
The libuser library implements a standardized interface for manipulating
and administering user and group accounts.  The library uses pluggable
back-ends to interface to its data sources.

Sample applications modeled after those included with the shadow password
suite are included.

--------------------------------------------------------------------------------
Update Information:

Fixes default userPassword value on LDAP; note that this affects only
accounts for which the password was not changed later. In addition to
installing this update, maintainers of LDAP servers used for authentication
should review their LDAP directory for unexpected plaintext userPassword
values.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 10 2011 Miloslav Trmač  - 0.56.18-3
- Correctly mark the LDAP default password value as encrypted
(CVE-2011-0002)
  Resolves: #668534
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643227 - CVE-2011-0002 libuser creates LDAP users with a
default password
        https://bugzilla.redhat.com/show_bug.cgi?id=643227
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libuser' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms