Red Hat Enterprise Linux 6: RHSA-2018:1877-01 Moderate: SSSD Input Issue

Red Hat, June 19, 2018
Red Hat Security Advisory Synopsis: Moderate: sssd and ding-libs security and bug fix u
An update for sssd and ding-libs is now available for Red Hat Enterprise Linux 6

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
The ding-libs packages contain a set of libraries used by the System Security Services Daemon (SSSD) as well as other projects, and provide functions to manipulate file system path names (libpath_utils), a hash table to manage storage and access time properties (libdhash), a data type to collect data in a hierarchical structure (libcollection), a dynamically growing, reference-counted array (libref_array), and a library to process configuration files in initialization format (INI) into a library collection data structure (libini_config).
Security Fix(es):
* sssd: unsanitized input when searching in local cache database (CVE-2017-12173)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Sumit Bose (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

References

https://access.redhat.com/security/cve/CVE-2017-12173
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html

Package List

Red Hat Enterprise Linux Desktop (v. 6):
Source: ding-libs-0.4.0-13.el6.src.rpm sssd-1.13.3-60.el6.src.rpm
i386: ding-libs-debuginfo-0.4.0-13.el6.i686.rpm libbasicobjects-0.1.1-13.el6.i686.rpm libcollection-0.6.2-13.el6.i686.rpm libdhash-0.4.3-13.el6.i686.rpm libini_config-1.1.0-13.el6.i686.rpm libipa_hbac-1.13.3-60.el6.i686.rpm libpath_utils-0.2.1-13.el6.i686.rpm libref_array-0.1.4-13.el6.i686.rpm libsss_idmap-1.13.3-60.el6.i686.rpm python-libipa_hbac-1.13.3-60.el6.i686.rpm python-sss-murmur-1.13.3-60.el6.i686.rpm sssd-1.13.3-60.el6.i686.rpm sssd-ad-1.13.3-60.el6.i686.rpm sssd-client-1.13.3-60.el6.i686.rpm sssd-common-1.13.3-60.el6.i686.rpm sssd-common-pac-1.13.3-60.el6.i686.rpm sssd-dbus-1.13.3-60.el6.i686.rpm sssd-debuginfo-1.13.3-60.el6.i686.rpm sssd-ipa-1.13.3-60.el6.i686.rpm sssd-krb5-1.13.3-60.el6.i686.rpm sssd-krb5-common-1.13.3-60.el6.i686.rpm sssd-ldap-1.13.3-60.el6.i686.rpm sssd-proxy-1.13.3-60.el6.i686.rpm
noarch: python-sssdconfig-1.13.3-60.el6.noarch.rpm
x86_64: ding-libs-debuginfo-0.4.0-13.el6.i686.rpm ding-libs-debuginfo-0.4.0-13.el6.x86_64.rpm libbasicobjects-0.1.1-13.el6.i686.rpm libbasicobjects-0.1.1-13.el6.x86_64.rpm libcollection-0.6.2-13.el6.i686.rpm libcollection-0.6.2-13.el6.x86_64.rpm libdhash-0.4.3-13.el6.i686.rpm
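As an added example (not part of the advisory or of Red Hat's tooling), the following Python script compares the sssd and ding-libs builds installed on a RHEL 6 host against the fixed builds listed in the Package List above, using an rpmvercmp-style version comparison. The `rpm -qa` output it parses is a constructed sample; on a real host it would come from `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`.

```python
import re

# Fixed version-release pairs from the advisory's Package List (RHSA-2018:1877-01).
# All sssd subpackages (sssd-client, sssd-common, libsss_idmap, ...) ship at the
# sssd version; the ding-libs subpackages each carry their own version.
FIXED = {
    "sssd": ("1.13.3", "60.el6"),
    "libcollection": ("0.6.2", "13.el6"),
    "libdhash": ("0.4.3", "13.el6"),
    "libini_config": ("1.1.0", "13.el6"),
}
SSSD_PREFIXES = ("sssd-", "libsss_", "libipa_hbac", "python-libipa_hbac", "python-sss")
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings like rpm's rpmvercmp(): split into
    numeric/alpha segments, numeric beats alpha, the longer string wins a tie.
    Tilde/caret ordering is omitted; the el6 packages here do not use it."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit() and int(x) != int(y):
            return 1 if int(x) > int(y) else -1
        if not x.isdigit() and x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def affected_packages(rpm_output: str) -> list:
    """Parse 'NAME VERSION RELEASE' lines (no epoch: these packages carry none)
    and return the package names still below the advisory's fixed build."""
    needs_update = []
    for line in rpm_output.strip().splitlines():
        name, ver, rel = line.split()
        key = "sssd" if name.startswith(SSSD_PREFIXES) else name
        if key not in FIXED:
            continue  # not shipped by this advisory
        fixed_ver, fixed_rel = FIXED[key]
        if (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) < 0:
            needs_update.append(name)
    return needs_update


# Constructed sample (not from a real host): sssd and libdhash lag the fix.
SAMPLE_RPM_QA = """sssd 1.13.3 56.el6
sssd-client 1.13.3 60.el6
libdhash 0.4.3 12.el6
libcollection 0.6.2 13.el6
"""
```

`affected_packages(SAMPLE_RPM_QA)` returns `['sssd', 'libdhash']`; an empty list means every advisory package on the host is at or above the fixed build.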


Advisory ID: RHSA-2018:1877-01
Product: Red Hat Enterprise Linux
Issue date: 2018-06-19

Topic

An update for sssd and ding-libs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64

Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64

Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64

Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

Bugs Fixed

1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6

1438360 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues

1442703 - Smart Cards: Certificate in the ID View

1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins

1498173 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database
