Site Navigation:
security myproxy-5.3-1.el5 security update
Status:stable
Release: Fedora EPEL 5
Update ID: FEDORA-EPEL-2011-0087
Builds: myproxy-5.3-1.el5 (logs)
Pushed: True
Date Submitted: 2011-01-18 16:24:50
Date Released: 2011-01-19 07:07:38
Submitter: stevetraylen
Karma: 1
Details

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification:

The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The impacted MyProxy versions are included in Globus Toolkit releases 5.0.0-5.0.2. This issue is addressed in MyProxy 5.3.

Full details are available: http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt

Other changes in this release:

  • if myproxy-logon GSI mutual authentication with the myproxy-server fails, try again with client-side anonymous authentication, in case the client-side GSI credentials are unacceptable to the myproxy-server (for example, signed by an untrusted CA), but the myproxy-server would accept an anonymous client (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7103)
  • fix configure checks for globus_usage_stats_send, globus_usage_stats_send_array, and globus_gsi_proxy_handle_set_extensions when installing without existing Globus libraries in LD_LIBRARY_PATH (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7098)
  • in myproxy-server-setup, look in /sbin and /usr/sbin for chkconfig or update-rc.d in case they're not in PATH
  • add certificate_issuer_subca_certfile option in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7119)
  • make all Globus Usage library errors non-fatal (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7111)
Feedback
bodhi - 2011-01-18 16:24:51
This update has been submitted for testing by stevetraylen.
bodhi - 2011-01-19 18:25:56
This update has been pushed to testing
abbot - 2011-01-21 21:02:41
Client and server both seem to work fine.
bodhi - 2011-02-02 21:52:36
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2011-02-02 21:59:01
This update has been submitted for stable by stevetraylen.
bodhi - 2011-02-03 17:58:04
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters