153916 2006-11-03 03:44 0000 sys-auth/pam_ldap < 183 Authentication Bypass (CVE-2006-5170) 2006-12-21 05:46:48 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://bugzilla.padl.com/show_bug.cgi?id=291 A4? [glsa] jaervosz P2 minor --- 1 aetius@gentoo.org security@gentoo.org dberkholz@gentoo.org mips@gentoo.org pam-bugs@gentoo.org aetius@gentoo.org 2006-11-03 03:44:02 0000 http://secunia.com/advisories/22682/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207286 An apparently new problem related to the same LDAP PasswordPolicyResponse message - allows locked users access with no password. Solution is to upgrade to version 183. jaervosz@gentoo.org 2006-11-20 22:44:38 0000 pam-bugs please advise. jaervosz@gentoo.org 2006-12-11 08:22:51 0000 pam-bugs please advise. robbat2@gentoo.org 2006-12-11 12:22:08 0000 in tree now. arches, please stabilize jaervosz@gentoo.org 2006-12-11 12:52:34 0000 Thx Robbat. dustin@v.igoro.us 2006-12-11 16:15:37 0000 All combinations of USE flags emerge on amd64. With all USE flags set, manages to authenticate against an LDAP server (whew! was that a lot of work to set up!): AT htdocs # getent passwd | grep 0:0 root:x:0:0:root:/root:/bin/bash root:x:0:0:root:/root:/bin/bash So I'd say amd64's ready to stable. Gentoo Base System version 1.12.5 Portage 2.1.1-r1 (default-linux/amd64/2006.1, gcc-4.1.1, glibc-2.4-r3, 2.6.15-gentoo-r72006040301 x86_64) ================================================================= System uname: 2.6.15-gentoo-r72006040301 x86_64 AMD Athlon(tm) 64 Processor 3700+ Last Sync: Mon, 11 Dec 2006 21:50:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig collision-protect confcache digest distlocks metadata-transfer multilib-strict sandbox sfperms strict test" GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://209.59.138.21/gentoo-portage" USE="amd64 berkdb bitmap-fonts cli cracklib crypt cups dlloader dri elibc_glibc fortran gdbm gpm iconv input_devices_evdev input_devices_keyboard input_devices_mouse ipv6 isdnlog kernel_linux libg++ ncurses nls nptl nptlonly pam pcre perl ppds pppd python readline reflection session spl ssl tcpd truetype-fonts type1-fonts udev unicode userland_GNU video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i810 video_cards_mga video_cards_neomagic video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo xorg zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS ranger@gentoo.org 2006-12-11 17:07:53 0000 ppc64 done fauli@gentoo.org 2006-12-11 21:45:15 0000 x86 done gustavoz@gentoo.org 2006-12-12 05:09:43 0000 sparc stable. welp@gentoo.org 2006-12-12 11:39:26 0000 AMD64 gone :) dertobi123@gentoo.org 2006-12-13 08:25:08 0000 ppc stable kloeri@gentoo.org 2006-12-13 10:48:21 0000 Stable on Alpha. falco@gentoo.org 2006-12-15 07:54:52 0000 i vote GLSA jaervosz@gentoo.org 2006-12-15 08:09:00 0000 I vote for a GLSA too, though last time I looked hppa was security supported:-) frilled@gentoo.org 2006-12-15 10:22:28 0000 definite yes here killerfox@gentoo.org 2006-12-17 13:55:10 0000 stable on hppa. Sorry for the delay. jaervosz@gentoo.org 2006-12-17 22:19:02 0000 This one is ready for GLSA. falco@gentoo.org 2006-12-21 05:46:48 0000 GLSA 200612-19 , thanks everybody!