[Freeipa-devel] [PATCH] FreeIPA 4.1.4 release and fixes for CVE-2015-1827 and CVE-2015-0283

Petr Vobornik pvoborni at redhat.com
Thu Mar 26 14:05:32 UTC 2015


On 03/26/2015 02:20 PM, Alexander Bokovoy wrote:
> Hi,
>
> I've released slapi-nis 0.54.2 this morning as a fix for CVE-2015-0283,
> packages are built for Fedora and RHEL7.1. However, to complete the
> cycle, we need to release FreeIPA 4.1.4 to fix CVE-2015-1827.
>
> Both CVEs are for processing of group membership when dealing with users
> from trusted AD domains. The fix in FreeIPA is in the extdom plugin, which is
> in use by sssd 1.12.x, while the slapi-nis fix is for legacy clients.
>
> We need to commit attached patches to FreeIPA and make a release of
> FreeIPA 4.1.4 today. Then I can do Fedora builds and a combined update
> push for slapi-nis+freeipa packages in Fedora.
>
> Patch 1 is the actual CVE-2015-1827 fix.
>
> Patch 2 is to remove wrong values from Makefile.am files that actually
> prevent regenerating Makefiles in the daemons/ subdirectory, causing
> a non-working RHEL build. We fixed the 4.1.0 base with this patch in RHEL and
> we just need to bring upstream in sync with downstream on this.
>
> Patch 3 raises the requirement of slapi-nis to the fixed version.
>

These patches have already been tested while the CVE was embargoed.

pushed to
ipa-4-1:
* 447c5c7b0d76482dbb4273ea968a87cee2f4cddd fix Makefile.am for daemons
* fd8e796873f34c942b8ab28d486b5edfe1c27abd extdom: fix wrong realloc size
master:
* 704c79d91d58f87b80afe6e9331e8060116b5ec0 fix Makefile.am for daemons
* c1114ef82516002de08e004a930b5ba4a1791b25 extdom: fix wrong realloc size

ipa-4-1:
* 93302a8c28731625a0e38e647be50a9598bb49e7 slapi-nis: require 0.54.2 for CVE-2015-0283 fixes
master:
* 1b781b777f534b12a178202afa0982afd2d9c1dd slapi-nis: require 0.54.2 for CVE-2015-0283 fixes

I'm going to do the FreeIPA 4.1.4 release now.
-- 
Petr Vobornik



