myproxy-5.3-1.el5 security update
|Release:||Fedora EPEL 5|
|Date Submitted:||2011-01-18 16:24:50|
|Date Released:||2011-01-19 07:07:38|
Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification:
The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The impacted MyProxy versions are included in Globus Toolkit releases 5.0.0-5.0.2. This issue is addressed in MyProxy 5.3.
Full details are available: http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt
Other changes in this release:
- if myproxy-logon GSI mutual authentication with the myproxy-server fails, try again with client-side anonymous authentication, in case the client-side GSI credentials are unacceptable to the myproxy-server (for example, signed by an untrusted CA), but the myproxy-server would accept an anonymous client (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7103)
- fix configure checks for globus_usage_stats_send, globus_usage_stats_send_array, and globus_gsi_proxy_handle_set_extensions when installing without existing Globus libraries in LD_LIBRARY_PATH (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7098)
- in myproxy-server-setup, look in /sbin and /usr/sbin for chkconfig or update-rc.d in case they're not in PATH
- add certificate_issuer_subca_certfile option in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7119)
- make all Globus Usage library errors non-fatal (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7111)bodhi - 2011-01-18 16:24:51This update has been submitted for testing by stevetraylen.
bodhi - 2011-01-19 18:25:56This update has been pushed to testing
abbot - 2011-01-21 21:02:41Client and server both seem to work fine.
bodhi - 2011-02-02 21:52:36This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2011-02-02 21:59:01This update has been submitted for stable by stevetraylen.
bodhi - 2011-02-03 17:58:04This update has been pushed to stable