| Summary: | realmd new security issue CVE-2015-2704 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Colin Guthrie <mageia> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | mageia, mageia |
| Version: | 4 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/643698/ | ||
| Whiteboard: | |||
| Source RPM: | realmd-0.15.2-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-05-08 19:26:27 CEST
Patches checked into Cauldron SVN. Freeze push requested. Whiteboard:
(none) =>
MGA5TOO, MGA4TOO realmd-0.15.2-2.mga5 uploaded for Cauldron. Version:
Cauldron =>
4 > We may have to update it from the much older version it has if backporting the > patches proves to be difficult.
seeing how old is our version i think it would be simpler to updateCC:
(none) =>
mageia It's certainly not patchable based on the patches used in F21. The code being patched isn't present in any recognizable form in 0.7 (version in Mageia 4). That may mean that it's not vulnerable. I'm not familiar enough with this package to know if the older version works as described for the two security issues. I'm also not sure if this package even works at all, given that it was written for Fedora/RedHat. Colin, I'm assigning it to you as cockpit seems to be the only package that requires it. If it doesn't get updated/patched I'll drop both packages :) Assignee:
bugsquad =>
mageia Our cockpit package is really outdated too. Of course it's relatively young software so it's moving quickly upstream. Cockpit sounds neat, but I wonder if either of these packages really work since they'd need some adaptations for Mageia I'd think. I guess it's more likely that Colin's done what was needed for cockpit than anyone has for realmd. It would be nice to have a working realmd since it's supposed to simplify authentication setups that can be really complicated. Of course, I prefer to know what the tool is doing and what the actual needed configurations are :o) realmd and cockpit moved to obsolete. Hardware:
i586 =>
All OK, I'll revive them when I get a moment or three to update them. Will also update MGA5 (as I said to David on Friday). FWIW, Cockpit worked fine here when I last played with it. I was able to login remotely to systems in my office and manage/monitor services. Realmd seems easy enough to update (simple update of 0.16.0 worked fine here), but not sure about how well it works practically speaking - may indeed need some more work. I tried updating cockpit, but it requires pcp which itself is a massive package with further deps. Will likely not get around to it for a while so it can stay in obsolete. I'm happy to kill it on older versions too if you like. I suspect no-one is using it anyway. We can't kill it on older versions :/ That's why I moved it to obsolete on cauldron, so it wouldn't land in mga6 too if we haven't fixed it. But we can hope that it doesn't have too many users. Or if it has then maybe some of them are ready to package pcp :P
David Walser
2015-07-12 21:36:29 CEST
Version:
5 =>
4 With only a couple of weeks remaining in Mageia 4's lifetime, we don't have time to fix this and test it. This package has been dropped and no longer exists in Mageia as of Mageia 6 (assuming nobody reintroduces it before then). Closing this as OLD. Status:
NEW =>
RESOLVED |