Oracle Linux Security Advisory ELSA-2021-3336

https://linux.oracle.com/errata/ELSA-2021-3336.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
libipa_hbac-1.16.5-10.0.1.el7_9.10.i686.rpm
libipa_hbac-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libipa_hbac-devel-1.16.5-10.0.1.el7_9.10.i686.rpm
libipa_hbac-devel-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_autofs-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_certmap-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_certmap-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_certmap-devel-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_certmap-devel-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_idmap-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_idmap-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_idmap-devel-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_idmap-devel-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_nss_idmap-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_nss_idmap-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_nss_idmap-devel-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_nss_idmap-devel-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_simpleifp-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_simpleifp-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_simpleifp-devel-1.16.5-10.0.1.el7_9.10.i686.rpm
libsss_simpleifp-devel-1.16.5-10.0.1.el7_9.10.x86_64.rpm
libsss_sudo-1.16.5-10.0.1.el7_9.10.x86_64.rpm
python-libipa_hbac-1.16.5-10.0.1.el7_9.10.x86_64.rpm
python-libsss_nss_idmap-1.16.5-10.0.1.el7_9.10.x86_64.rpm
python-sss-1.16.5-10.0.1.el7_9.10.x86_64.rpm
python-sss-murmur-1.16.5-10.0.1.el7_9.10.x86_64.rpm
python-sssdconfig-1.16.5-10.0.1.el7_9.10.noarch.rpm
sssd-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-ad-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-client-1.16.5-10.0.1.el7_9.10.i686.rpm
sssd-client-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-common-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-common-pac-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-dbus-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-ipa-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-kcm-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-krb5-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-krb5-common-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-ldap-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-libwbclient-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-libwbclient-devel-1.16.5-10.0.1.el7_9.10.i686.rpm
sssd-libwbclient-devel-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-polkit-rules-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-proxy-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-tools-1.16.5-10.0.1.el7_9.10.x86_64.rpm
sssd-winbind-idmap-1.16.5-10.0.1.el7_9.10.x86_64.rpm


SRPMS:
https://oss.oracle.com/ol7/SRPMS-updates/sssd-1.16.5-10.0.1.el7_9.10.src.rpm

Related CVEs:

CVE-2021-3621




Description of changes:

[1.16.5-10.0.1]
- Revert Redhat's change of disallowing duplicated incomplete gid
  when "id_provider=ldap" is used, which caused regression in AD
  environment. [Orabug: 29286774] [Doc ID 2605732.1]

[1.16.5-10.10]
- Resolves: rhbz#1973796 - SSSD is NOT able to contact the Global Catalog when local site is down

[1.16.5-10.9]
- Resolves: rhbz#1988463 - Missing search index for `originalADgidNumber` [rhel-7.9.z]
- Resolves: rhbz#1968330 - id lookup is failing intermittently
- Resolves: rhbz#1964415 - Memory leak in the simple access provider
- Resolves: rhbz#1985457 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-7.9.z]


_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata