Fedora 26: authconfig Security Update
Summary
Authconfig is a command line utility which can configure a workstation
to use shadow (more secure) passwords. Authconfig can also configure a
system to be a client for certain networked user information and
authentication schemes.
New release fixing moderate (information leak) issue with PAM configuration when
authentication to remote services via SSSD is enabled. To fix the incorrect
configuration run: authconfig --updateall
[ 1 ] Bug #1441604 - CVE-2017-7488 authconfig: Information leak when SSSD is used for authentication against remote server
https://bugzilla.redhat.com/show_bug.cgi?id=1441604
su -c 'dnf upgrade authconfig' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
FEDORA-2017-1fe6f25af9 2017-06-09 18:48:36.533330 Product : Fedora 26 Version : 7.0.1 Release : 1.fc26 URL : https://pagure.io/authconfig Summary : Command line tool for setting up authentication from network services Description : Authconfig is a command line utility which can configure a workstation to use shadow (more secure) passwords. Authconfig can also configure a system to be a client for certain networked user information and authentication schemes. New release fixing moderate (information leak) issue with PAM configuration when authentication to remote services via SSSD is enabled. To fix the incorrect configuration run: authconfig --updateall [ 1 ] Bug #1441604 - CVE-2017-7488 authconfig: Information leak when SSSD is used for authentication against remote server https://bugzilla.redhat.com/show_bug.cgi?id=1441604 su -c 'dnf upgrade authconfig' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References