[SECURITY] Fedora 13 Update: sssd-1.3.0-40.fc13

updates at fedoraproject.org
Fri Jan 21 22:55:50 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0337
2011-01-13 17:40:22
--------------------------------------------------------------------------------

Name        : sssd
Product     : Fedora 13
Version     : 1.3.0
Release     : 40.fc13
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

--------------------------------------------------------------------------------
Update Information:

Addresses low-priority CVE-2010-4341: DoS in sssd PAM responder can prevent logins
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-40
- Bump release to rebuild with patch in source-control
* Tue Jan 11 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-39
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
* Thu Nov 18 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-38
- Solve a shutdown race-condition that sometimes left processes running
* Thu Nov 18 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-37
- Resolves: rhbz#606887 - SSSD stops on upgrade
* Wed Oct 27 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-36
- Fix segfault issue in the kerberos provider
* Mon Oct  4 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-35
- Fix pre and post script requirements
* Mon Oct  4 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-34
- Resolves: rhbz#606887 - sssd stops on upgrade
* Fri Oct  1 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-33
- Resolves: rhbz#626205 - Unable to unlock screen
* Tue Sep 28 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-32
- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
-                         doesn't require it
* Thu Sep 16 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-31
- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
* Tue Aug 24 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.3.0-30
- New upstream version 1.3.0
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection
* Tue Aug 24 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-21
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
-                           against LDAP
* Wed Aug  4 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-20
- Resolves: rhbz#621307 - Password changes are broken on LDAP
* Tue Aug  3 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-19
- Resolves: rhbz#606887 - sssd stops on upgrade
* Mon Aug  2 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-18
- New stable upstream version 1.2.2
- The LDAP provider no longer requires access to the LDAP RootDSE. If it is
- unavailable, we will continue on with our best guess
- The LDAP provider will now log issues with TLS and GSSAPI to the syslog
- Significant performance improvement when performing initgroups on users who
- are members of large groups in LDAP.
- The sss_client will now reconnect properly to the SSSD if the daemon is
- restarted.
* Mon Jun 21 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.1-15
- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of
-                         %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
-                         to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
-                         keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide
* Thu Jun 17 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.1-13
- Eliminate tight loop when reconnecting to LDAP - rhbz#604961
* Mon May 24 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.0-12
- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
* Tue May 18 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.1.92-11
- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos
* Fri May  7 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.1.91-10
- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
        https://bugzilla.redhat.com/show_bug.cgi?id=661163
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update sssd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

