[SECURITY] Fedora 13 Update: libuser-0.56.16-1.fc13.2

updates at fedoraproject.org updates at fedoraproject.org
Sat Jan 22 20:26:39 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0320
2011-01-12 05:02:31
--------------------------------------------------------------------------------

Name        : libuser
Product     : Fedora 13
Version     : 0.56.16
Release     : 1.fc13.2
URL         : https://fedorahosted.org/libuser/
Summary     : A user and group account administration library
Description :
The libuser library implements a standardized interface for manipulating
and administering user and group accounts.  The library uses pluggable
back-ends to interface to its data sources.

Sample applications modeled after those included with the shadow password
suite are included.

--------------------------------------------------------------------------------
Update Information:

Fixes default userPassword value on LDAP; note that this affects only accounts for which the password was not changed later.
In addition to installing this update, maintainers of LDAP servers used for authentication should review their LDAP directory for unexpected plaintext userPassword values.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 10 2011 Miloslav Trmač <mitr at redhat.com> - 0.56.16-1.2
- Correctly mark the LDAP default password value as encrypted (CVE-2011-0002)
  Resolves: #668534
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643227 - CVE-2011-0002 libuser creates LDAP users with a default password
        https://bugzilla.redhat.com/show_bug.cgi?id=643227
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libuser' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list