ipa security and bug fix update

2015-07-28T00:00:00
ID ELSA-2015-1462
Type oraclelinux
Reporter Oracle
Modified 2015-07-28T00:00:00

Description

[3.0.0-47.el6] - Resolves: #1220788 - Some IPA schema files are not RFC 4512 compliant [3.0.0-46.el6] - Use tls version range in NSSHTTPS initialization - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1012224 - host certificate not issued to client during ipa-client-install [3.0.0-45.el6] - Resolves: #1205660 - ipa-client rpm should require keyutils [3.0.0-44.el6] - Release 3.0.0-44 - Resolves: #1201454 - ipa breaks sshd config [3.0.0-43.el6] - Release 3.0.0-43 - Resolves: #1191040 - ipa-client-automount: failing with error LDAP server returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled. - Resolves: #1185207 - ipa-client dont end new line character in /etc/nsswitch.conf - Resolves: #1166241 - CVE-2010-5312 CVE-2012-6662 ipa: various flaws - Resolves: #1161722 - IDM client registration failure in a high load environment - Resolves: #1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server - Resolves: #1146870 - ipa-client-install fails with 'KerbTransport instance has no attribute '__conn'' traceback - Resolves: #1132261 - ipa-client-install failing produces a traceback instead of useful error message - Resolves: #1131571 - Do not allow IdM server/replica/client installation in a FIPS-140 mode - Resolves: #1198160 - /usr/sbin/ipa-server-install --uninstall does not clean /var/lib/ipa/pki-ca - Resolves: #1198339 - ipa-client-install adds extra sss to sudoers in nsswitch.conf - Require: 389-ds-base >= 1.2.11.15-51 - Require: mod_nss >= 1.0.10 - Require: pki-ca >= 9.0.3-40 - Require: python-nss >= 0.16