
Bug#946797: marked as done (debian-edu-config: kadm5.acl should set proper rights for users)



Your message dated Sat, 21 Dec 2019 16:32:44 +0000
with message-id <E1iihgK-0005p3-Md@fasolo.debian.org>
and subject line Bug#946797: fixed in debian-edu-config 2.10.65+deb10u3
has caused the Debian Bug report #946797,
regarding debian-edu-config: kadm5.acl should set proper rights for users
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
946797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-edu-config
Version: 1.812+deb8u1
Severity: important

To improve security, settings in kadm5.acl should be adjusted.

The needed fix is minimal:

--- a/share/debian-edu-config/tools/kerberos-kdc-init
+++ b/share/debian-edu-config/tools/kerberos-kdc-init
@@ -187,7 +187,7 @@ EOF
     if [ ! -f /etc/krb5kdc/kadm5.acl ] ; then
        cat > /etc/krb5kdc/kadm5.acl <<EOF
 root/admin@INTERN *
-*@INTERN cil
+*@INTERN Cil
 */*@INTERN i
 EOF
     chmod 644 /etc/krb5kdc/kadm5.acl
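
Review bot: The fix on the "*@INTERN" line is the case of a single letter ("cil" to "Cil"), and neither the heredoc nor the script around it says why, so a later edit can revert it without anyone noticing. Add a shell comment above the "cat" stating that uppercase "C" denies the change-password privilege that lowercase "c" granted to every principal matching "*@INTERN". Note also that the "if [ ! -f /etc/krb5kdc/kadm5.acl ]" guard means this hunk changes nothing where the file already exists, so the upgrade path has to carry the same fix.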

Thanks to Andreas B. Mundt for the hint.

Also, /etc/krb5kdc/kadm5.acl should be fixed accordingly upon upgrades
by adding something like this to debian-edu-config.postinst:

[configure case]
     fi
+
+    # Set proper rights for users.
+    if [ -f /etc/krb5kdc/kadm5.acl ] ; then
+        sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl
+    fi
     ;;
 esac
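
Review bot: The sed expression 's/cil/Cil/' is not anchored to the entry it is meant to fix. It rewrites the first "cil" on every line of the file, which includes principal names (a local entry for cecilia@INTERN would become ceCilia@INTERN) and any permission string a local administrator added. Match the whole shipped line instead, for example 's/^\*@INTERN[[:space:]]\{1,\}cil[[:space:]]*$/*@INTERN Cil/'. As written the block also runs on every configure, so an administrator who deliberately restores "cil" gets it changed back at each upgrade; guard it on the previously configured version so it runs once.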

Wolfgang



--- End Message ---
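
To check an existing kadm5.acl for the kind of entry this report fixes, the following shell function lists entries whose principal pattern contains a wildcard and whose permission string grants password changes. It is an added example, not part of the original message or of debian-edu-config; the names audit_kadm5_acl, acl_before and acl_after are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report kadm5.acl entries that let a wildcard principal
# change passwords. Lowercase "c" grants the change-password privilege,
# uppercase "C" denies it; "x" and "*" grant all privileges, including "c".

# The ACL as written before and after the patch (taken from the diff above).
acl_before() {
    printf '%s\n' 'root/admin@INTERN *' '*@INTERN cil' '*/*@INTERN i'
}
acl_after() {
    printf '%s\n' 'root/admin@INTERN *' '*@INTERN Cil' '*/*@INTERN i'
}

# audit_kadm5_acl [FILE]   (hypothetical helper; reads stdin when FILE is omitted)
# Prints "LINE: entry" for each finding and returns 1 if there was any.
audit_kadm5_acl() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        index($1, "*") == 0 { next }         # exact principal, not a wildcard
        $2 ~ /[cx*]/ {                       # field 2 is the permission string
            printf "%d: %s\n", NR, $0
            found = 1
        }
        END { exit found + 0 }
    ' "${1:--}"
}

echo "before:"; acl_before | audit_kadm5_acl || echo "  wildcard principals can change passwords"
echo "after:";  acl_after  | audit_kadm5_acl && echo "  no findings"
```

Run it against a live file with audit_kadm5_acl /etc/krb5kdc/kadm5.acl. An intentional wildcard entry for administrative instances is reported as well and needs a human decision.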
--- Begin Message ---
Source: debian-edu-config
Source-Version: 2.10.65+deb10u3

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 946797@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominik George <natureshadow@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Dec 2019 16:29:19 +0100
Source: debian-edu-config
Architecture: source
Version: 2.10.65+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Dominik George <natureshadow@debian.org>
Closes: 946797
Changes:
 debian-edu-config (2.10.65+deb10u3) buster-security; urgency=high
 .
   * Security fix for CVE-2019-3467
 .
   [ Wolfgang Schweer ]
   * share/debian-edu-config/tools/kerberos-kdc-init:
     - Set proper rights for users in kadm5.acl file. (Closes: #946797)
   * Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades.
 .
   [ Holger Levsen ]
   * Improve debian/debian-edu-config.postinst fix to only run once on
     upgrades.
 .
   [ Dominik George ]
   * Add NEWS to warn administrators with possible local changes.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
