Site Navigation:
security myproxy-5.3-1.el5 security update
Release: Fedora EPEL 5
Update ID: FEDORA-EPEL-2011-0087
Builds: myproxy-5.3-1.el5 (logs)
Pushed: True
Date Submitted: 2011-01-18 16:24:50
Date Released: 2011-01-19 07:07:38
Submitter: stevetraylen
Karma: 1

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification:

The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The impacted MyProxy versions are included in Globus Toolkit releases 5.0.0-5.0.2. This issue is addressed in MyProxy 5.3.

Full details are available:

Other changes in this release:

  • if myproxy-logon GSI mutual authentication with the myproxy-server fails, try again with client-side anonymous authentication, in case the client-side GSI credentials are unacceptable to the myproxy-server (for example, signed by an untrusted CA), but the myproxy-server would accept an anonymous client (
  • fix configure checks for globus_usage_stats_send, globus_usage_stats_send_array, and globus_gsi_proxy_handle_set_extensions when installing without existing Globus libraries in LD_LIBRARY_PATH (
  • in myproxy-server-setup, look in /sbin and /usr/sbin for chkconfig or update-rc.d in case they're not in PATH
  • add certificate_issuer_subca_certfile option in myproxy-server.config (
  • make all Globus Usage library errors non-fatal (
bodhi - 2011-01-18 16:24:51
This update has been submitted for testing by stevetraylen.
bodhi - 2011-01-19 18:25:56
This update has been pushed to testing
abbot - 2011-01-21 21:02:41
Client and server both seem to work fine.
bodhi - 2011-02-02 21:52:36
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2011-02-02 21:59:01
This update has been submitted for stable by stevetraylen.
bodhi - 2011-02-03 17:58:04
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters