* 0110-Upload-CA-cert-in-the-directory-on-install.patch
0111-Update-plugin-to-upload-CA-certificate-to-LDAP.patch
0112-Do-SSL-CA-verification-and-hostname-validation.patch
0113-Use-secure-method-to-acquire-IPA-CA-certificate.patch:
- CVE-2012-5484 - The client in FreeIPA 2.x and 3.x before 3.1.2 does
not properly obtain the Certification Authority (CA) certificate
from the server, which allows man-in-the-middle attackers to spoof
a join procedure via a crafted certificate. (LP: #1104954)
* check-through-all-ldap-servers.patch: Check through all LDAP servers
in the domain during IPA discovery (ticket #1827). Patch from 2.2
to aid in porting patch 0113.
-- Timo Aaltonen <email address hidden> Mon, 11 Feb 2013 00:32:12 +0200
This bug was fixed in the package freeipa - 2.1.4-0ubuntu2
---------------
freeipa (2.1.4-0ubuntu2) raring; urgency=low
* 0110-Upload- CA-cert- in-the- directory- on-install. patch Update- plugin- to-upload- CA-certificate- to-LDAP. patch Do-SSL- CA-verification -and-hostname- validation. patch Use-secure- method- to-acquire- IPA-CA- certificate. patch: all-ldap- servers. patch: Check through all LDAP servers
0111-
0112-
0113-
- CVE-2012-5484 - The client in FreeIPA 2.x and 3.x before 3.1.2 does
not properly obtain the Certification Authority (CA) certificate
from the server, which allows man-in-the-middle attackers to spoof
a join procedure via a crafted certificate. (LP: #1104954)
* check-through-
in the domain during IPA discovery (ticket #1827). Patch from 2.2
to aid in porting patch 0113.
-- Timo Aaltonen <email address hidden> Mon, 11 Feb 2013 00:32:12 +0200