
Bug#946797: marked as done (debian-edu-config: kadm5.acl should set proper rights for users)



Your message dated Sat, 21 Dec 2019 16:33:58 +0000
with message-id <E1iihhW-0006DW-Jn@fasolo.debian.org>
and subject line Bug#946797: fixed in debian-edu-config 1.929+deb9u4
has caused the Debian Bug report #946797,
regarding debian-edu-config: kadm5.acl should set proper rights for users
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
946797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-edu-config
Version: 1.812+deb8u1
Severity: important

To improve security, settings in kadm5.acl should be adjusted.

The needed fix is minimal:

--- a/share/debian-edu-config/tools/kerberos-kdc-init
+++ b/share/debian-edu-config/tools/kerberos-kdc-init
@@ -187,7 +187,7 @@ EOF
     if [ ! -f /etc/krb5kdc/kadm5.acl ] ; then
        cat > /etc/krb5kdc/kadm5.acl <<EOF
 root/admin@INTERN *
-*@INTERN cil
+*@INTERN Cil
 */*@INTERN i
 EOF
     chmod 644 /etc/krb5kdc/kadm5.acl
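
Review bot: the `-*@INTERN cil` / `+*@INTERN Cil` lines differ only in the case of one letter, and nothing in the script says why. In kadm5.acl a lowercase `c` grants the change-password privilege and an uppercase `C` denies it, so a later edit could easily revert this by accident. Please add a shell comment above the `cat > /etc/krb5kdc/kadm5.acl <<EOF` line stating that the wildcard `*@INTERN` entry must not grant `c`. Because the block sits under `if [ ! -f /etc/krb5kdc/kadm5.acl ]`, this hunk only changes newly initialised KDCs; existing files keep the old entry until something else rewrites them.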

Thanks to Andreas B. Mundt for the hint.

Also, /etc/krb5kdc/kadm5.acl should be fixed accordingly upon upgrades
by adding something like this to debian-edu-config.postinst:

[configure case]
     fi
+
+    # Set proper rights for users.
+    if [ -f /etc/krb5kdc/kadm5.acl ] ; then
+        sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl
+    fi
     ;;
 esac
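
Review bot: the expression in `sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl` is unanchored, so it rewrites the first `cil` on every line of the file, not just the `*@INTERN cil` entry that kerberos-kdc-init wrote. A locally added entry that was deliberately given `cil` would lose its change-password right without notice, and a principal name containing `cil` would itself be altered. Match the shipped line exactly, for example `sed -i 's/^\*@INTERN cil$/*@INTERN Cil/'`, and leave any other line untouched. The block also runs on every `configure`, so it will silently re-apply the change each time the package is configured if an administrator restores the old entry on purpose.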

Wolfgang


--- End Message ---
--- Begin Message ---
Source: debian-edu-config
Source-Version: 1.929+deb9u4

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 946797@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominik George <natureshadow@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Dec 2019 18:38:50 +0100
Source: debian-edu-config
Binary: debian-edu-config
Architecture: source
Version: 1.929+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Dominik George <natureshadow@debian.org>
Description:
 debian-edu-config - Configuration files for Skolelinux systems
Closes: 946797
Changes:
 debian-edu-config (1.929+deb9u4) stretch-security; urgency=high
 .
   * Security fix for CVE-2019-3467
 .
   [ Wolfgang Schweer ]
   * share/debian-edu-config/tools/kerberos-kdc-init:
     - Set proper rights for users in kadm5.acl file. (Closes: #946797)
   * Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades.
 .
   [ Holger Levsen ]
   * Improve debian/debian-edu-config.postinst fix to only run once on
     upgrades.
 .
   [ Dominik George ]
   * Add NEWS to warn administrators with possible local changes.


--- End Message ---
