rpms/sssd/F-11 sssd-0.4.1-cve-2009-2410.patch, NONE, 1.1 sssd.spec, 1.20, 1.21
Jakub Hrozek
jhrozek at fedoraproject.org
Wed Jul 29 11:27:20 UTC 2009
- Previous message (by thread): rpms/geanyvc/devel dead.package, NONE, 1.1 Makefile, 1.1, NONE geanyvc.spec, 1.4, NONE import.log, 1.1, NONE sources, 1.2, NONE
- Next message (by thread): [pkgdb] xz had acl change status
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jhrozek
Update of /cvs/extras/rpms/sssd/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30036
Modified Files:
sssd.spec
Added Files:
sssd-0.4.1-cve-2009-2410.patch
Log Message:
Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
without a password. (Patch by Stephen Gallagher)
sssd-0.4.1-cve-2009-2410.patch:
pam_LOCAL_domain.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- NEW FILE sssd-0.4.1-cve-2009-2410.patch ---
>From 52ef221f3f5fc65c96d35ecaa7eb8a7a67ce6e4b Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue, 28 Jul 2009 09:43:57 -0400
Subject: [PATCH] Address CVE-2009-2410
Fix incorrect error code return in local_handler_callback
---
server/responder/pam/pam_LOCAL_domain.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 010bd8d..48a4a81 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -327,7 +327,7 @@ static void local_handler_callback(void *pvt, int ldb_status,
password = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
NULL_CHECK_OR_JUMP(password, ("No password stored.\n"),
- lreq->error, ret, done);
+ lreq->error, LDB_ERR_NO_SUCH_ATTRIBUTE, done);
DEBUG(4, ("user: [%s], password hash: [%s]\n", username, password));
ret = s3crypt_sha512(lreq, authtok, password, &new_hash);
--
1.6.2.5
Index: sssd.spec
===================================================================
RCS file: /cvs/extras/rpms/sssd/F-11/sssd.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- sssd.spec 22 Jun 2009 14:47:06 -0000 1.20
+++ sssd.spec 29 Jul 2009 11:27:19 -0000 1.21
@@ -1,6 +1,6 @@
Name: sssd
Version: 0.4.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
@@ -16,6 +16,7 @@ Patch010: sssd-0.4.1-debug_fn.patch
Patch011: sssd-0.4.1-conf_check.patch
Patch012: sssd-0.4.1-reload_conf.patch
Patch013: sssd-0.4.1-reload_conf_2.patch
+Patch014: sssd-0.4.1-cve-2009-2410.patch
### Dependencies ###
@@ -62,6 +63,7 @@ services for projects like FreeIPA.
%patch011 -p1 -b .conf_check
%patch012 -p1 -b .reload_conf
%patch013 -p1 -b .reload_conf_2
+%patch014 -p1 -b .cve-2009-2410
%build
%configure \
@@ -135,6 +137,10 @@ if [ $1 -ge 1 ] ; then
fi
%changelog
+* Wed Jul 29 2009 Jakub Hrozek <jhrozek at redhat.com> - 0.4.1-3
+- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
+ without a password. (Patch by Stephen Gallagher)
+
* Mon Jun 22 2009 Simo Sorce <ssorce at redhat.com> - 0.4.1-2
- Fix a couple of segfaults that may happen on reload
- Previous message (by thread): rpms/geanyvc/devel dead.package, NONE, 1.1 Makefile, 1.1, NONE geanyvc.spec, 1.4, NONE import.log, 1.1, NONE sources, 1.2, NONE
- Next message (by thread): [pkgdb] xz had acl change status
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list