[SECURITY] Fedora 13 Update: sssd-1.2.2-21.fc13

updates at fedoraproject.org
Thu Sep 2 20:44:45 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-13549
2010-08-26 00:26:28
--------------------------------------------------------------------------------

Name        : sssd
Product     : Fedora 13
Version     : 1.2.2
Release     : 21.fc13
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

--------------------------------------------------------------------------------
Update Information:

 * CVE-2010-2940 - SSSD allows null password entry to authenticate against LDAP
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 24 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-21
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
-                           against LDAP
* Wed Aug  4 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-20
- Resolves: rhbz#621307 - Password changes are broken on LDAP
* Tue Aug  3 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-19
- Resolves: rhbz#606887 - sssd stops on upgrade
* Mon Aug  2 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.2-18
- New stable upstream version 1.2.2
- The LDAP provider no longer requires access to the LDAP RootDSE. If it is
- unavailable, we will continue on with our best guess
- The LDAP provider will now log issues with TLS and GSSAPI to the syslog
- Significant performance improvement when performing initgroups on users who
- are members of large groups in LDAP.
- The sss_client will now reconnect properly to the SSSD if the daemon is
- restarted.
* Mon Jun 21 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.1-15
- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of
-                         %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
-                         to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
-                         keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide
* Thu Jun 17 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.1-13
- Eliminate tight loop when reconnecting to LDAP - rhbz#604961
* Mon May 24 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.0-12
- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
* Tue May 18 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.1.92-11
- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos
* Fri May  7 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.1.91-10
- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #625189 - CVE-2010-2940 sssd: allows null password entry to authenticate against LDAP
        https://bugzilla.redhat.com/show_bug.cgi?id=625189
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update sssd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

