This bug was fixed in the package freeipa - 2.1.4-0ubuntu2
---------------
freeipa (2.1.4-0ubuntu2) raring; urgency=low
* 0110-Upload-CA-cert-in-the-directory-on-install.patch
0111-Update-plugin-to-upload-CA-certificate-to-LDAP.patch
0112-Do-SSL-CA-verification-and-hostname-validation.patch
0113-Use-secure-method-to-acquire-IPA-CA-certificate.patch:
- CVE-2012-5484 - The client in FreeIPA 2.x and 3.x before 3.1.2 does
not properly obtain the Certification Authority (CA) certificate
from the server, which allows man-in-the-middle attackers to spoof
a join procedure via a crafted certificate. (LP: #1104954)
* check-through-all-ldap-servers.patch: Check through all LDAP servers
in the domain during IPA discovery (ticket #1827). Patch from 2.2
to aid in porting patch 0113.
-- Timo Aaltonen <[email protected]> Mon, 11 Feb 2013 00:32:12 +0200
** Changed in: freeipa (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1104954
Title:
CVE-2012-5484: ipa-client security vunerability
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1104954/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
