[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] Add NEWS to warn administrators with possible local changes
Dominik George
gitlab at salsa.debian.org
Thu Dec 19 11:11:43 GMT 2019
Dominik George pushed to branch master at Debian Edu / debian-edu-config
Commits:
500e82f7 by Dominik George at 2019-12-19T11:11:19Z
Add NEWS to warn administrators with possible local changes
- - - - -
2 changed files:
- + debian/NEWS
- debian/changelog
Changes:
=====================================
debian/NEWS
=====================================
@@ -0,0 +1,12 @@
+debian-edu-config (2.11.11) unstable; urgency=high
+
+ The Kerberos kadm ACLs in /etc/krb5kdc/kadm5.acl contained an insecure
+ setting allowing all authenticated users in the network to change the
+ credentials of everyone else, thus impersonating other users and gaining
+ their privileges.
+
+ If you never changed these ACLs, the package update fixes the issue
+ automatically. If you did, please double-check that no unexpected
+ principal has the c ACL (lower-case!) set.
+
+ -- Dominik George <natureshadow at debian.org> Mon, 16 Dec 2019 16:29:19 +0100
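Review bot: The check requested in the second paragraph ("no unexpected principal has the c ACL (lower-case!) set") names only the `c` letter, but in kadm5.acl the permissions `x` and `*` also include the right to change passwords, so a locally modified wildcard entry carrying `*` would pass this check while still granting it. Suggest wording it as "has the c, x or * permission set", and naming CVE-2019-3467 in the entry as the changelog hunk does, so administrators reading NEWS on upgrade can find the advisory.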
=====================================
debian/changelog
=====================================
@@ -2,6 +2,8 @@ debian-edu-config (2.11.11) UNRELEASED; urgency=medium
* Amend last changelog entry with CVE
* debian/control: Reference Debian Edu in binary package description
+ * Follow-up for CVE-2019-3467:
+ - Add NEWS to warn administrators with possible local changes.
-- Dominik George <natureshadow at debian.org> Wed, 18 Dec 2019 13:14:31 +0100
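Review bot: The header shown in this hunk's context, `debian-edu-config (2.11.11) UNRELEASED; urgency=medium`, disagrees with the NEWS entry added in the same commit for the same version, which declares `unstable; urgency=high`. The two should match when the release is finalised; given that the entry is a follow-up for CVE-2019-3467, raising the changelog urgency to high looks like the intended direction.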
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/commit/500e82f752421443e6abd3deb84ad913e80af4e3