FEDORA-EPEL-2011-0087 created by stevetraylen 9 years ago for Fedora EPEL 5
stable

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions 5.0-5.2 that disabled server identity verification:

The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not enforce the check that the myproxy-server's certificate contains the expected hostname or identity. The impacted MyProxy versions are included in Globus Toolkit releases 5.0.0-5.0.2. This issue is addressed in MyProxy 5.3.

Full details are available: http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt

Other changes in this release: if myproxy-logon GSI mutual authentication with the myproxy-server fails, try again with client-side anonymous authentication, in case the client-side GSI credentials are unacceptable to the myproxy-server (for example, signed by an untrusted CA), but the myproxy-server would accept an anonymous client (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7103) fix configure checks for globus_usage_stats_send, globus_usage_stats_send_array, and globus_gsi_proxy_handle_set_extensions when installing without existing Globus libraries in LD_LIBRARY_PATH (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7098) in myproxy-server-setup, look in /sbin and /usr/sbin for chkconfig or update-rc.d in case they're not in PATH add certificate_issuer_subca_certfile option in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7119) * make all Globus Usage library errors non-fatal (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7111)

This update has been submitted for testing by stevetraylen.

9 years ago

This update has been pushed to testing

9 years ago
User Icon abbot commented & provided feedback 9 years ago
karma

Client and server both seem to work fine.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

9 years ago

This update has been submitted for stable by stevetraylen.

9 years ago

This update has been pushed to stable

9 years ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
9 years ago
in testing
9 years ago
in stable
9 years ago

Automated Test Results