[El-errata] ELSA-2015-1462 Moderate: Oracle Linux 6 ipa security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jul 29 09:38:40 PDT 2015 

Oracle Linux Security Advisory ELSA-2015-1462

http://linux.oracle.com/errata/ELSA-2015-1462.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
ipa-admintools-3.0.0-47.el6.i686.rpm
ipa-client-3.0.0-47.el6.i686.rpm
ipa-python-3.0.0-47.el6.i686.rpm
ipa-server-3.0.0-47.el6.i686.rpm
ipa-server-selinux-3.0.0-47.el6.i686.rpm
ipa-server-trust-ad-3.0.0-47.el6.i686.rpm

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/ipa-3.0.0-47.el6.src.rpm



Description of changes:

[3.0.0-47.el6]
- Resolves: #1220788 - Some IPA schema files are not RFC 4512 compliant

[3.0.0-46.el6]
- Use tls version range in NSSHTTPS initialization
- Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA
                        client and server
- Resolves: #1012224 - host certificate not issued to client during
                        ipa-client-install

[3.0.0-45.el6]
- Resolves: #1205660 -  ipa-client rpm should require keyutils

[3.0.0-44.el6]
- Release 3.0.0-44
- Resolves: #1201454 - ipa breaks sshd config

[3.0.0-43.el6]
- Release 3.0.0-43
- Resolves: #1191040 - ipa-client-automount: failing with error LDAP server
                        returned UNWILLING_TO_PERFORM. This likely means 
that
                        minssf is enabled.
- Resolves: #1185207 - ipa-client dont end new line character in
                        /etc/nsswitch.conf
- Resolves: #1166241 - CVE-2010-5312 CVE-2012-6662 ipa: various flaws
- Resolves: #1161722 - IDM client registration failure in a high load
                        environment
- Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA
                        client and server
- Resolves: #1146870 - ipa-client-install fails with "KerbTransport instance
                        has no attribute '__conn'" traceback
- Resolves: #1132261 - ipa-client-install failing produces a traceback
                        instead of useful error message
- Resolves: #1131571 - Do not allow IdM server/replica/client installation
                        in a FIPS-140 mode
- Resolves: #1198160 - /usr/sbin/ipa-server-install --uninstall does not
                        clean /var/lib/ipa/pki-ca
- Resolves: #1198339 - ipa-client-install adds extra sss to sudoers in
                        nsswitch.conf
- Require: 389-ds-base >= 1.2.11.15-51
- Require: mod_nss >= 1.0.10
- Require: pki-ca >= 9.0.3-40
- Require: python-nss >= 0.16

More information about the El-errata mailing list