Subject: pkg/17434: URGENT: maintainer update port net/ipa 1.2.5 -> 1.2.7
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 06/29/2002 16:30:31
>Synopsis: URGENT: maintainer update port net/ipa 1.2.5 -> 1.2.7
>Arrival-Date: Sat Jun 29 16:48:00 PDT 2002
>Originator: Andrey Simonenko
>Release: NetBSD/i386 1.5.1
Please update port sysutils/ipa 1.2.5 -> 1.2.7 as quickly as possible.
I broked some functionality of IPA, but removed security problem from IPA (strange that nobody reported me about security problem with ipastat(8)).
1.2.7 30/06/2002 released
- SECURITY PROBLEM: I removed SUID bit from ipastat(8) due to security
problems, and don't even try to set it back.
Admins who use the "db_owner" parameter *and* use some safe
user/group, *and* din't forget to set the same safe user/group for
the ipastat(8) program, as it was said in the SECURITY NOTE on the
ipastat(8) manual page, should not worry a lot. Admins, who ignored
that SECURITY NOTE, should double
check security of their systems and change all passwords, secrets
eys, etc., if you think that somebody cracked your systems by
I'm sorry about this sad program mistake.
I haven't NetBSD box right now, and can't give a diff for IPA's port, but I've just send update to FreeBSD, everything what should be updated is version number and checksums.