ELSA-2011-1533

ELSA-2011-1533 - ipa security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2011-12-14

Description


[2.1.3-9.el6]
- Add current password prompt when changing own password in web UI (#751179)
- Remove extraneous trailing ' from netgroup patch (#749352)

[2.1.3-8.el6]
- Updated patch for CVE-2011-3636 to include CR in the HTTP headers.
xmlrpc-c in RHEL-6 doesn't suppose the dont_advertise option so that is
not set any more. Another fake header, X-Original-User_Agent, is added
so there is no more trailing junk after the Referer header. (#749870)

[2.1.3-7.el6]
- Require an HTTP Referer header to address CSRF attackes. CVE-2011-3636.
(#749870)

[2.1.3-6.el6]
- Users not showing up in nis netgroup triple (#749352)

[2.1.3-5.el6]
- Add update file to remove entitlement roles, privileges and
permissions (#739060)

[2.1.3-4.el6]
- Quote worker option in krb5kdc (#748754)

[2.1.3-3.el6]
- hbactest fails while you have svcgroup in hbacrule (#746227)
- Add Kerberos domain mapping for system hostname (#747443)
- Format certificates as PEM in browser (#701325)

[2.1.3-2.el6]
- ipa-client-install hangs if the discovered server is unresponsive (#745392)
- Fix minor problems in help system (#747028)
- Remove help fix from Disable automember patch (#746717)
- Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265)

[2.1.3-1.el6]
- Update to upstream 2.1.3 release (#736170)
- Additional branding (#742264)
- Disable automember cli (#746717)
- ipa-client-install sometimes fails to start sssd properly (#736954)
- ipa-client-install adds duplicate information to krb5.conf (#714597)
- ipa-client-install should configure hostname (#714919)
- inconsistency in enabling 'delete' buttons (#730751)
- hbactest does not resolve canonical names during simulation (#740850)
- Default DNS Administration Role - Permissions missing (#742327)
- named fails to start after installing ipa server when short (#742875)
- Duplicate hostgroup and netgroup should not be allowed (#743253)
- named fails to start (#743680)
- Global password policy should not be able to be deleted (#744074)
- Client install fails when anonymous bind is disabled (#744101)
- Internal Server Error adding invalid reverse DNS zone (#744234)
- ipa hbactest does not evaluate indirect members from groups. (#744410)
- Leaks KDC password and master password via command line arguments (#744422)
- Traceback when upgrading from ipa-server-2.1.1-1 (#744798)
- IPA User's Primary GID is not being set to their UPG's GID (#745552)
- --forwarder option of ipa-dns-install allows invalid IP addr (#745698)
- UI does not grant access based on roles (#745957)
- Unable to add external user for RunAs User for Sudo (#746056)
- Typo in error message while adding invalid ptr record. (#746199)
- Don't use python 2.7-only syntax (#746229)
- Error when using ipa-client-install with --no-sssd option (#746276)
- Installation fails if sssd.conf exists and is already config (#746298)
- External hosts are not removed properly from sudorule (#709665)
- Competely remove entitlement support (#739060)
- Add winsync section to ipa-replica-manage man page (#744306)

[2.1.2-2.el6]
- Remove python-rhsm as a Requires (#739060)

[2.1.2-1.el6]
- Update to upstream 2.1.2 release (#736170)
- More completely disable entitlement support (#739060)
- Drop patch to ignore return value from restorecon (upstreamed)
- Set min version of 389-ds-base to 1.2.9.12-2
- Set min version of dogtag to 9.0.3-20
- Rebased hide-pkinit, ipa-RHEL-index and remove-persistent-search
patches (#700586)

[2.1.1-4.el6]
- Update RHEL patch (#740094)

[2.1.1-3.el6]
- Ignore return value from restorecon (#739604)
- Disable entitlement support (#739060, #739061)

[2.1.1-2.el6]
- Update minimum xmlrpc-c version (#736787)
- Fix package installation order causing SELinux problems (#737516)

[2.1.1-1.el6]
- Update to upstream 2.1.1 release (#732803)

[2.1.0-1.el6]
- Resolves: rhbz#708388 - Update to upstream 2.1.0 release

[2.0.0-25]
- Remove client debug logging patch (#705800)

[2.0.0-24]
- Wait for 389-ds tasks to complete (#698421)
- Set replica to restart ipa on boot (#705794)
- Improve client debug logging (#705800)
- Managed Entries not configured on replicas (#703869)
- Don't create bogus aRecord when creating new zone (#704012)


Related CVEs


CVE-2011-3636

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (i386) ipa-2.1.3-9.el6.src.rpmb3da5b23583573385263cab726f91778ELBA-2019-4569
ipa-admintools-2.1.3-9.el6.i686.rpm4d9a6c1a70f42268634dc324aff02f82ELBA-2019-4569
ipa-client-2.1.3-9.el6.i686.rpmec5e7fd1f8f54361875c467ce608e773ELBA-2019-4569
ipa-python-2.1.3-9.el6.i686.rpm0478acb115b5608b0b9a13c7657784d3ELBA-2019-4569
ipa-server-2.1.3-9.el6.i686.rpm7d2b2665a0b32c943e778d7336f18dbfELBA-2019-4569
ipa-server-selinux-2.1.3-9.el6.i686.rpme6d2c76c1349e11de35e7f047b43295fELBA-2019-4569
Oracle Linux 6 (x86_64) ipa-2.1.3-9.el6.src.rpmb3da5b23583573385263cab726f91778ELBA-2019-4569
ipa-admintools-2.1.3-9.el6.x86_64.rpm2304a3ef29ff7f84e86fc1cf531ccf5bELBA-2019-4569
ipa-client-2.1.3-9.el6.x86_64.rpmddd1b023bc2bc172a04083893a563423ELBA-2019-4569
ipa-python-2.1.3-9.el6.x86_64.rpm596185d6185157ce64e2f0f273e82ca7ELBA-2019-4569
ipa-server-2.1.3-9.el6.x86_64.rpm2dbf8216e8a40c26b7fe6bf43a8c1a65ELBA-2019-4569
ipa-server-selinux-2.1.3-9.el6.x86_64.rpm804b793f39caf6c9229fb0d72842a55bELBA-2019-4569



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete