Moderate: freeradius security update
Date: Tue, 2 Oct 2012 08:53:22 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Updated Package zz_fermi_sshd_config for SLF6
MIME-Version: 1.0
The following ERRATA for SLF5.x, SLF6.x are now available from:
These rpm's will go out into the autoyum area tomorrow.
We have made this bugfix update for zz_fermi_sshd_config available as an
automatic update for SLF6. It was placed in testing on July 18th 2012.
There have been no bugs reported against it. It is believed that it
resolves all reported problems with the existing zz_fermi_sshd_config
for SLF6.
It contains no changes for SLF6.3. This update is already featured there.
It contains the following changes for SLF6.2:
* Switched to UsePAM=yes, Frank says this should fix non-interactive
aklog problems
It contains the following changes for SLF6.1:
* Switched to UsePAM=yes, Frank says this should fix non-interactive
aklog problems
* added restorecon on /root/.k5login to get selinux context right should
be krb5_home_t
* added xorg-x11-xauth dependency so X11 forwarding works out of the box
* added GSSAPIKeyExchange=yes to settings
* moved to augeas based configuration to preserve some user options
SLF6:
i386
zz_fermi_sshd_config-5.3-3.2.noarch.rpm
x86_64
zz_fermi_sshd_config-5.3-3.2.noarch.rpm
Date: Tue, 2 Oct 2012 08:53:23 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Updated Package krb5-fermi-config and krb5-fermi-krb5.conf for
SLF5 and SLF6
MIME-Version: 1.0
The following ERRATA for SLF5.x, SLF6.x are now available from:
These rpm's will go out into the autoyum area tomorrow.
- Added Nova Far Detector KDC to the standard KDC search list
- Edit and re-format HowTo instruction for System Administrators on
setting up and saving local KDC search list
- Made so the krb5-fermi-config and krb4-fermi-krb5.conf packages
are mutually exclusive - only one can be installed on a system. The
expectation is that krb5-fermi-config is installed on Scientific
Linux Fermi (SLF)
systems. The krb5-fermi-krb5.conf package is for other distributions.
This update is being published as part of a Standard Change.
See CHG4780 within Service Now for further details.
SLF5:
i386
krb5-fermi-config-4.5-2.noarch.rpm
krb5-fermi-krb5.conf-4.5-1.noarch.rpm
x86_64
krb5-fermi-config-4.5-2.noarch.rpm
krb5-fermi-krb5.conf-4.5-1.noarch.rpm
SLF6:
i386
krb5-fermi-config-4.5-2.noarch.rpm
krb5-fermi-krb5.conf-4.5-1.noarch.rpm
x86_64
krb5-fermi-config-4.5-2.noarch.rpm
krb5-fermi-krb5.conf-4.5-1.noarch.rpm
Date: Tue, 2 Oct 2012 09:01:25 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Re: Updated Package zz_fermi_sshd_config for SLF6
In-Reply-To: <506AF1D2.4090003@fnal.gov>
MIME-Version: 1.0
Wrong list. Please ignore
On 10/02/2012 08:53 AM, Pat Riehecky wrote:
> The following ERRATA for SLF5.x, SLF6.x are now available from:
> > >
> These rpm's will go out into the autoyum area tomorrow.
>
> We have made this bugfix update for zz_fermi_sshd_config available as
> an automatic update for SLF6. It was placed in testing on July 18th
> 2012. There have been no bugs reported against it. It is believed
> that it resolves all reported problems with the existing
> zz_fermi_sshd_config for SLF6.
>
> It contains no changes for SLF6.3. This update is already featured
> there.
>
> It contains the following changes for SLF6.2:
> * Switched to UsePAM=yes, Frank says this should fix non-interactive
> aklog problems
>
> It contains the following changes for SLF6.1:
> * Switched to UsePAM=yes, Frank says this should fix non-interactive
> aklog problems
> * added restorecon on /root/.k5login to get selinux context right
> should be krb5_home_t
> * added xorg-x11-xauth dependency so X11 forwarding works out of the box
> * added GSSAPIKeyExchange=yes to settings
> * moved to augeas based configuration to preserve some user options
>
>
> SLF6:
> i386
> zz_fermi_sshd_config-5.3-3.2.noarch.rpm
>
> x86_64
> zz_fermi_sshd_config-5.3-3.2.noarch.rpm
--
Pat Riehecky
Scientific Linux Developer
Date: Tue, 2 Oct 2012 09:01:46 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Re: Updated Package krb5-fermi-config and krb5-fermi-krb5.conf
for SLF5 and SLF6
In-Reply-To: <506AF1D3.7030802@fnal.gov>
MIME-Version: 1.0
Wrong list. Please ignore.
On 10/02/2012 08:53 AM, Pat Riehecky wrote:
> The following ERRATA for SLF5.x, SLF6.x are now available from:
> >
>
> > >
> These rpm's will go out into the autoyum area tomorrow.
>
>
> - Added Nova Far Detector KDC to the standard KDC search list
> - Edit and re-format HowTo instruction for System Administrators on
> setting up and saving local KDC search list
> - Made so the krb5-fermi-config and krb4-fermi-krb5.conf packages
> are mutually exclusive - only one can be installed on a system. The
> expectation is that krb5-fermi-config is installed on Scientific
> Linux Fermi (SLF)
> systems. The krb5-fermi-krb5.conf package is for other distributions.
>
>
> This update is being published as part of a Standard Change.
> See CHG4780 within Service Now for further details.
>
>
> SLF5:
> i386
> krb5-fermi-config-4.5-2.noarch.rpm
> krb5-fermi-krb5.conf-4.5-1.noarch.rpm
> x86_64
> krb5-fermi-config-4.5-2.noarch.rpm
> krb5-fermi-krb5.conf-4.5-1.noarch.rpm
>
> SLF6:
> i386
> krb5-fermi-config-4.5-2.noarch.rpm
> krb5-fermi-krb5.conf-4.5-1.noarch.rpm
> x86_64
> krb5-fermi-config-4.5-2.noarch.rpm
> krb5-fermi-krb5.conf-4.5-1.noarch.rpm
--
Pat Riehecky
Scientific Linux Developer
Date: Tue, 2 Oct 2012 09:27:15 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0
The following FASTBUGS have been uploaded to
i386:
gnome-terminal-2.31.3-8.el6.i686.rpm
lm_sensors-3.1.1-17.el6.i686.rpm
lm_sensors-devel-3.1.1-17.el6.i686.rpm
lm_sensors-libs-3.1.1-17.el6.i686.rpm
lm_sensors-sensord-3.1.1-17.el6.i686.rpm
rpmdevtools-7.5-2.el6.noarch.rpm
telnet-0.17-47.el6_3.1.i686.rpm
telnet-server-0.17-47.el6_3.1.i686.rpm
x86_64:
gnome-terminal-2.31.3-8.el6.x86_64.rpm
lm_sensors-3.1.1-17.el6.x86_64.rpm
lm_sensors-devel-3.1.1-17.el6.i686.rpm
lm_sensors-devel-3.1.1-17.el6.x86_64.rpm
lm_sensors-libs-3.1.1-17.el6.i686.rpm
lm_sensors-libs-3.1.1-17.el6.x86_64.rpm
lm_sensors-sensord-3.1.1-17.el6.x86_64.rpm
rpmdevtools-7.5-2.el6.noarch.rpm
telnet-0.17-47.el6_3.1.x86_64.rpm
telnet-server-0.17-47.el6_3.1.x86_64.rpm
Date: Tue, 2 Oct 2012 15:06:01 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0
The following FASTBUGS have been uploaded to
i386:
python-Updateinfo-0.1.4-1.sl6.noarch.rpm
yum-conf-sl-other-6-3.noarch.rpm
x86_64:
python-Updateinfo-0.1.4-1.sl6.noarch.rpm
yum-conf-sl-other-6-3.noarch.rpm
Date: Wed, 3 Oct 2012 09:55:15 -0500
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Moderate: freeradius on SL6.x i386/x86_64
MIME-Version: 1.0
Synopsis: Moderate: freeradius security update
Issue Date: 2012-10-02
CVE Numbers: CVE-2012-3547
--
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.
A buffer overflow flaw was discovered in the way radiusd handled the
expiration date field in X.509 client certificates. A remote attacker could
possibly use this flaw to crash radiusd if it were configured to use the
certificate or TLS tunnelled authentication methods (such as EAP-TLS,
EAP-TTLS, and PEAP). (CVE-2012-3547)
Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.
--
SL6
x86_64
freeradius-2.1.12-4.el6_3.x86_64.rpm
freeradius-krb5-2.1.12-4.el6_3.x86_64.rpm
freeradius-ldap-2.1.12-4.el6_3.x86_64.rpm
freeradius-mysql-2.1.12-4.el6_3.x86_64.rpm
freeradius-perl-2.1.12-4.el6_3.x86_64.rpm
freeradius-postgresql-2.1.12-4.el6_3.x86_64.rpm
freeradius-python-2.1.12-4.el6_3.x86_64.rpm
freeradius-unixODBC-2.1.12-4.el6_3.x86_64.rpm
freeradius-utils-2.1.12-4.el6_3.x86_64.rpm
i386
freeradius-2.1.12-4.el6_3.i686.rpm
freeradius-krb5-2.1.12-4.el6_3.i686.rpm
freeradius-ldap-2.1.12-4.el6_3.i686.rpm
freeradius-mysql-2.1.12-4.el6_3.i686.rpm
freeradius-perl-2.1.12-4.el6_3.i686.rpm
freeradius-postgresql-2.1.12-4.el6_3.i686.rpm
freeradius-python-2.1.12-4.el6_3.i686.rpm
freeradius-unixODBC-2.1.12-4.el6_3.i686.rpm
freeradius-utils-2.1.12-4.el6_3.i686.rpm
- Scientific Linux Development Team