-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Low: sssd security, bug fix, and enhancement update
Advisory ID:  RHSA-2019:3651-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3651
Issue date:   2019-11-05
CVE Names:    CVE-2018-16838
====================================================================

1. Summary:

An update for sssd is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The following packages have been upgraded to a later upstream version: sssd (2.2.0). (BZ#1687281)

Security Fix(es):

* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server
1598457 - Attributes not present in Global Catalog can be removed from the cache during GC lookups
1638295 - sssctl user-checks does not show custom IFP user_attributes
1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions
1657665 - Error accessing files on samba share randomly
1660461 - responders chain requests that were issued before reconnection to sssd_be
1661182 - sss_cache prints spurious error messages when invoked from shadow-utils on package install
1665388 - SSSD netgroups do not honor entry_cache_nowait_percentage
1665867 - proxy provider is not working with enumerate=true when trying to fetch all groups
1667045 - Missing sssd-files in last section(SEE ALSO) of sssd man pages
1667252 - crash when requesting extra attributes
1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8
1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration
1676385 - pam_sss with smartcard auth does not create gnome keyring
1677994 - sssd config-check reports an error for a valid configuration option
1681279 - AD user not found after establishing trust and restarting sssd
1686154 - sudorule matching when no host or hostcat set
1687281 - Rebase sssd in RHEL-8.1 to the latest upstream release
1695575 - sssd service is starting before network service
1695581 - Extend cached_auth_timeout to cover subdomains / trusts
1695582 - [RFE] return multiple server addresses to the Kerberos locator plugin
1702658 - TPS tests fail for sssd-common in RHEL 8 (rpm -V sssd-common)
1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant
1712875 - Old kerberos credentials active instead of valid new ones (kcm)
1725168 - sssd-proxy crashes resolving groups with no members
1726945 - negative cache does not use values from 'filter_users' config option for known domains
1729055 - sssd does not pass correct rules to sudo
1733372 - permission denied on logs when running sssd as non-root user
1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided
1736483 - Sudo prompt for smart card authentication is missing the trailing colon
1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access
1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup

6.
Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: sssd-2.2.0-19.el8.src.rpm aarch64: libipa_hbac-2.2.0-19.el8.aarch64.rpm libipa_hbac-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_autofs-2.2.0-19.el8.aarch64.rpm libsss_autofs-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_certmap-2.2.0-19.el8.aarch64.rpm libsss_certmap-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_idmap-2.2.0-19.el8.aarch64.rpm libsss_idmap-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_nss_idmap-2.2.0-19.el8.aarch64.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_simpleifp-2.2.0-19.el8.aarch64.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_sudo-2.2.0-19.el8.aarch64.rpm libsss_sudo-debuginfo-2.2.0-19.el8.aarch64.rpm python3-libipa_hbac-2.2.0-19.el8.aarch64.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.aarch64.rpm python3-libsss_nss_idmap-2.2.0-19.el8.aarch64.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.aarch64.rpm python3-sss-2.2.0-19.el8.aarch64.rpm python3-sss-debuginfo-2.2.0-19.el8.aarch64.rpm python3-sss-murmur-2.2.0-19.el8.aarch64.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-2.2.0-19.el8.aarch64.rpm sssd-ad-2.2.0-19.el8.aarch64.rpm sssd-ad-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-client-2.2.0-19.el8.aarch64.rpm sssd-client-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-common-2.2.0-19.el8.aarch64.rpm sssd-common-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-common-pac-2.2.0-19.el8.aarch64.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-dbus-2.2.0-19.el8.aarch64.rpm sssd-dbus-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-debugsource-2.2.0-19.el8.aarch64.rpm sssd-ipa-2.2.0-19.el8.aarch64.rpm sssd-ipa-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-kcm-2.2.0-19.el8.aarch64.rpm sssd-kcm-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-krb5-2.2.0-19.el8.aarch64.rpm sssd-krb5-common-2.2.0-19.el8.aarch64.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-krb5-debuginfo-2.2.0-19.el8.aarch64.rpm 
sssd-ldap-2.2.0-19.el8.aarch64.rpm sssd-ldap-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-libwbclient-2.2.0-19.el8.aarch64.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-nfs-idmap-2.2.0-19.el8.aarch64.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-polkit-rules-2.2.0-19.el8.aarch64.rpm sssd-proxy-2.2.0-19.el8.aarch64.rpm sssd-proxy-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-tools-2.2.0-19.el8.aarch64.rpm sssd-tools-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-winbind-idmap-2.2.0-19.el8.aarch64.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.aarch64.rpm noarch: python3-sssdconfig-2.2.0-19.el8.noarch.rpm ppc64le: libipa_hbac-2.2.0-19.el8.ppc64le.rpm libipa_hbac-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_autofs-2.2.0-19.el8.ppc64le.rpm libsss_autofs-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_certmap-2.2.0-19.el8.ppc64le.rpm libsss_certmap-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_idmap-2.2.0-19.el8.ppc64le.rpm libsss_idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_nss_idmap-2.2.0-19.el8.ppc64le.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_simpleifp-2.2.0-19.el8.ppc64le.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_sudo-2.2.0-19.el8.ppc64le.rpm libsss_sudo-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-libipa_hbac-2.2.0-19.el8.ppc64le.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-libsss_nss_idmap-2.2.0-19.el8.ppc64le.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-sss-2.2.0-19.el8.ppc64le.rpm python3-sss-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-sss-murmur-2.2.0-19.el8.ppc64le.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-2.2.0-19.el8.ppc64le.rpm sssd-ad-2.2.0-19.el8.ppc64le.rpm sssd-ad-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-client-2.2.0-19.el8.ppc64le.rpm sssd-client-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-common-2.2.0-19.el8.ppc64le.rpm sssd-common-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-common-pac-2.2.0-19.el8.ppc64le.rpm 
sssd-common-pac-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-dbus-2.2.0-19.el8.ppc64le.rpm sssd-dbus-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-debugsource-2.2.0-19.el8.ppc64le.rpm sssd-ipa-2.2.0-19.el8.ppc64le.rpm sssd-ipa-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-kcm-2.2.0-19.el8.ppc64le.rpm sssd-kcm-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-krb5-2.2.0-19.el8.ppc64le.rpm sssd-krb5-common-2.2.0-19.el8.ppc64le.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-krb5-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-ldap-2.2.0-19.el8.ppc64le.rpm sssd-ldap-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-libwbclient-2.2.0-19.el8.ppc64le.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-nfs-idmap-2.2.0-19.el8.ppc64le.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-polkit-rules-2.2.0-19.el8.ppc64le.rpm sssd-proxy-2.2.0-19.el8.ppc64le.rpm sssd-proxy-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-tools-2.2.0-19.el8.ppc64le.rpm sssd-tools-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-winbind-idmap-2.2.0-19.el8.ppc64le.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm s390x: libipa_hbac-2.2.0-19.el8.s390x.rpm libipa_hbac-debuginfo-2.2.0-19.el8.s390x.rpm libsss_autofs-2.2.0-19.el8.s390x.rpm libsss_autofs-debuginfo-2.2.0-19.el8.s390x.rpm libsss_certmap-2.2.0-19.el8.s390x.rpm libsss_certmap-debuginfo-2.2.0-19.el8.s390x.rpm libsss_idmap-2.2.0-19.el8.s390x.rpm libsss_idmap-debuginfo-2.2.0-19.el8.s390x.rpm libsss_nss_idmap-2.2.0-19.el8.s390x.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.s390x.rpm libsss_simpleifp-2.2.0-19.el8.s390x.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.s390x.rpm libsss_sudo-2.2.0-19.el8.s390x.rpm libsss_sudo-debuginfo-2.2.0-19.el8.s390x.rpm python3-libipa_hbac-2.2.0-19.el8.s390x.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.s390x.rpm python3-libsss_nss_idmap-2.2.0-19.el8.s390x.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.s390x.rpm python3-sss-2.2.0-19.el8.s390x.rpm python3-sss-debuginfo-2.2.0-19.el8.s390x.rpm 
python3-sss-murmur-2.2.0-19.el8.s390x.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.s390x.rpm sssd-2.2.0-19.el8.s390x.rpm sssd-ad-2.2.0-19.el8.s390x.rpm sssd-ad-debuginfo-2.2.0-19.el8.s390x.rpm sssd-client-2.2.0-19.el8.s390x.rpm sssd-client-debuginfo-2.2.0-19.el8.s390x.rpm sssd-common-2.2.0-19.el8.s390x.rpm sssd-common-debuginfo-2.2.0-19.el8.s390x.rpm sssd-common-pac-2.2.0-19.el8.s390x.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.s390x.rpm sssd-dbus-2.2.0-19.el8.s390x.rpm sssd-dbus-debuginfo-2.2.0-19.el8.s390x.rpm sssd-debuginfo-2.2.0-19.el8.s390x.rpm sssd-debugsource-2.2.0-19.el8.s390x.rpm sssd-ipa-2.2.0-19.el8.s390x.rpm sssd-ipa-debuginfo-2.2.0-19.el8.s390x.rpm sssd-kcm-2.2.0-19.el8.s390x.rpm sssd-kcm-debuginfo-2.2.0-19.el8.s390x.rpm sssd-krb5-2.2.0-19.el8.s390x.rpm sssd-krb5-common-2.2.0-19.el8.s390x.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.s390x.rpm sssd-krb5-debuginfo-2.2.0-19.el8.s390x.rpm sssd-ldap-2.2.0-19.el8.s390x.rpm sssd-ldap-debuginfo-2.2.0-19.el8.s390x.rpm sssd-libwbclient-2.2.0-19.el8.s390x.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.s390x.rpm sssd-nfs-idmap-2.2.0-19.el8.s390x.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.s390x.rpm sssd-proxy-2.2.0-19.el8.s390x.rpm sssd-proxy-debuginfo-2.2.0-19.el8.s390x.rpm sssd-tools-2.2.0-19.el8.s390x.rpm sssd-tools-debuginfo-2.2.0-19.el8.s390x.rpm sssd-winbind-idmap-2.2.0-19.el8.s390x.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.s390x.rpm x86_64: libipa_hbac-2.2.0-19.el8.i686.rpm libipa_hbac-2.2.0-19.el8.x86_64.rpm libipa_hbac-debuginfo-2.2.0-19.el8.i686.rpm libipa_hbac-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_autofs-2.2.0-19.el8.x86_64.rpm libsss_autofs-debuginfo-2.2.0-19.el8.i686.rpm libsss_autofs-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_certmap-2.2.0-19.el8.i686.rpm libsss_certmap-2.2.0-19.el8.x86_64.rpm libsss_certmap-debuginfo-2.2.0-19.el8.i686.rpm libsss_certmap-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_idmap-2.2.0-19.el8.i686.rpm libsss_idmap-2.2.0-19.el8.x86_64.rpm 
libsss_idmap-debuginfo-2.2.0-19.el8.i686.rpm libsss_idmap-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_nss_idmap-2.2.0-19.el8.i686.rpm libsss_nss_idmap-2.2.0-19.el8.x86_64.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.i686.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_simpleifp-2.2.0-19.el8.i686.rpm libsss_simpleifp-2.2.0-19.el8.x86_64.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.i686.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_sudo-2.2.0-19.el8.x86_64.rpm libsss_sudo-debuginfo-2.2.0-19.el8.i686.rpm libsss_sudo-debuginfo-2.2.0-19.el8.x86_64.rpm python3-libipa_hbac-2.2.0-19.el8.x86_64.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.i686.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.x86_64.rpm python3-libsss_nss_idmap-2.2.0-19.el8.x86_64.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.i686.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.x86_64.rpm python3-sss-2.2.0-19.el8.x86_64.rpm python3-sss-debuginfo-2.2.0-19.el8.i686.rpm python3-sss-debuginfo-2.2.0-19.el8.x86_64.rpm python3-sss-murmur-2.2.0-19.el8.x86_64.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.i686.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-2.2.0-19.el8.x86_64.rpm sssd-ad-2.2.0-19.el8.x86_64.rpm sssd-ad-debuginfo-2.2.0-19.el8.i686.rpm sssd-ad-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-client-2.2.0-19.el8.i686.rpm sssd-client-2.2.0-19.el8.x86_64.rpm sssd-client-debuginfo-2.2.0-19.el8.i686.rpm sssd-client-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-common-2.2.0-19.el8.x86_64.rpm sssd-common-debuginfo-2.2.0-19.el8.i686.rpm sssd-common-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-common-pac-2.2.0-19.el8.x86_64.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.i686.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-dbus-2.2.0-19.el8.x86_64.rpm sssd-dbus-debuginfo-2.2.0-19.el8.i686.rpm sssd-dbus-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-debuginfo-2.2.0-19.el8.i686.rpm sssd-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-debugsource-2.2.0-19.el8.i686.rpm 
sssd-debugsource-2.2.0-19.el8.x86_64.rpm sssd-ipa-2.2.0-19.el8.x86_64.rpm sssd-ipa-debuginfo-2.2.0-19.el8.i686.rpm sssd-ipa-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-kcm-2.2.0-19.el8.x86_64.rpm sssd-kcm-debuginfo-2.2.0-19.el8.i686.rpm sssd-kcm-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-krb5-2.2.0-19.el8.x86_64.rpm sssd-krb5-common-2.2.0-19.el8.x86_64.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.i686.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-krb5-debuginfo-2.2.0-19.el8.i686.rpm sssd-krb5-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-ldap-2.2.0-19.el8.x86_64.rpm sssd-ldap-debuginfo-2.2.0-19.el8.i686.rpm sssd-ldap-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-libwbclient-2.2.0-19.el8.x86_64.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.i686.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-nfs-idmap-2.2.0-19.el8.x86_64.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.i686.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-polkit-rules-2.2.0-19.el8.x86_64.rpm sssd-proxy-2.2.0-19.el8.x86_64.rpm sssd-proxy-debuginfo-2.2.0-19.el8.i686.rpm sssd-proxy-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-tools-2.2.0-19.el8.x86_64.rpm sssd-tools-debuginfo-2.2.0-19.el8.i686.rpm sssd-tools-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-winbind-idmap-2.2.0-19.el8.x86_64.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.i686.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: libipa_hbac-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_autofs-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_certmap-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_idmap-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_nss_idmap-devel-2.2.0-19.el8.aarch64.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.aarch64.rpm libsss_sudo-debuginfo-2.2.0-19.el8.aarch64.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.aarch64.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.aarch64.rpm python3-sss-debuginfo-2.2.0-19.el8.aarch64.rpm 
python3-sss-murmur-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-ad-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-client-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-common-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-dbus-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-debugsource-2.2.0-19.el8.aarch64.rpm sssd-ipa-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-kcm-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-krb5-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-ldap-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-proxy-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-tools-debuginfo-2.2.0-19.el8.aarch64.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.aarch64.rpm ppc64le: libipa_hbac-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_autofs-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_certmap-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_nss_idmap-devel-2.2.0-19.el8.ppc64le.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.ppc64le.rpm libsss_sudo-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-sss-debuginfo-2.2.0-19.el8.ppc64le.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-ad-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-client-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-common-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-dbus-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-debugsource-2.2.0-19.el8.ppc64le.rpm sssd-ipa-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-kcm-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-krb5-debuginfo-2.2.0-19.el8.ppc64le.rpm 
sssd-ldap-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-proxy-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-tools-debuginfo-2.2.0-19.el8.ppc64le.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.ppc64le.rpm s390x: libipa_hbac-debuginfo-2.2.0-19.el8.s390x.rpm libsss_autofs-debuginfo-2.2.0-19.el8.s390x.rpm libsss_certmap-debuginfo-2.2.0-19.el8.s390x.rpm libsss_idmap-debuginfo-2.2.0-19.el8.s390x.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.s390x.rpm libsss_nss_idmap-devel-2.2.0-19.el8.s390x.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.s390x.rpm libsss_sudo-debuginfo-2.2.0-19.el8.s390x.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.s390x.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.s390x.rpm python3-sss-debuginfo-2.2.0-19.el8.s390x.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.s390x.rpm sssd-ad-debuginfo-2.2.0-19.el8.s390x.rpm sssd-client-debuginfo-2.2.0-19.el8.s390x.rpm sssd-common-debuginfo-2.2.0-19.el8.s390x.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.s390x.rpm sssd-dbus-debuginfo-2.2.0-19.el8.s390x.rpm sssd-debuginfo-2.2.0-19.el8.s390x.rpm sssd-debugsource-2.2.0-19.el8.s390x.rpm sssd-ipa-debuginfo-2.2.0-19.el8.s390x.rpm sssd-kcm-debuginfo-2.2.0-19.el8.s390x.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.s390x.rpm sssd-krb5-debuginfo-2.2.0-19.el8.s390x.rpm sssd-ldap-debuginfo-2.2.0-19.el8.s390x.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.s390x.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.s390x.rpm sssd-proxy-debuginfo-2.2.0-19.el8.s390x.rpm sssd-tools-debuginfo-2.2.0-19.el8.s390x.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.s390x.rpm x86_64: libipa_hbac-debuginfo-2.2.0-19.el8.i686.rpm libipa_hbac-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_autofs-debuginfo-2.2.0-19.el8.i686.rpm libsss_autofs-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_certmap-debuginfo-2.2.0-19.el8.i686.rpm libsss_certmap-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_idmap-debuginfo-2.2.0-19.el8.i686.rpm 
libsss_idmap-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.i686.rpm libsss_nss_idmap-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_nss_idmap-devel-2.2.0-19.el8.i686.rpm libsss_nss_idmap-devel-2.2.0-19.el8.x86_64.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.i686.rpm libsss_simpleifp-debuginfo-2.2.0-19.el8.x86_64.rpm libsss_sudo-debuginfo-2.2.0-19.el8.i686.rpm libsss_sudo-debuginfo-2.2.0-19.el8.x86_64.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.i686.rpm python3-libipa_hbac-debuginfo-2.2.0-19.el8.x86_64.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.i686.rpm python3-libsss_nss_idmap-debuginfo-2.2.0-19.el8.x86_64.rpm python3-sss-debuginfo-2.2.0-19.el8.i686.rpm python3-sss-debuginfo-2.2.0-19.el8.x86_64.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.i686.rpm python3-sss-murmur-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-ad-debuginfo-2.2.0-19.el8.i686.rpm sssd-ad-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-client-debuginfo-2.2.0-19.el8.i686.rpm sssd-client-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-common-debuginfo-2.2.0-19.el8.i686.rpm sssd-common-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.i686.rpm sssd-common-pac-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-dbus-debuginfo-2.2.0-19.el8.i686.rpm sssd-dbus-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-debuginfo-2.2.0-19.el8.i686.rpm sssd-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-debugsource-2.2.0-19.el8.i686.rpm sssd-debugsource-2.2.0-19.el8.x86_64.rpm sssd-ipa-debuginfo-2.2.0-19.el8.i686.rpm sssd-ipa-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-kcm-debuginfo-2.2.0-19.el8.i686.rpm sssd-kcm-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.i686.rpm sssd-krb5-common-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-krb5-debuginfo-2.2.0-19.el8.i686.rpm sssd-krb5-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-ldap-debuginfo-2.2.0-19.el8.i686.rpm sssd-ldap-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.i686.rpm sssd-libwbclient-debuginfo-2.2.0-19.el8.x86_64.rpm 
sssd-nfs-idmap-debuginfo-2.2.0-19.el8.i686.rpm sssd-nfs-idmap-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-proxy-debuginfo-2.2.0-19.el8.i686.rpm sssd-proxy-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-tools-debuginfo-2.2.0-19.el8.i686.rpm sssd-tools-debuginfo-2.2.0-19.el8.x86_64.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.i686.rpm sssd-winbind-idmap-debuginfo-2.2.0-19.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16838
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

--
RHSA-announce mailing list
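A check for whether a host still carries sssd builds older than the 2.2.0-19.el8 packages listed above, as an added example that is not part of the advisory or of any Red Hat tooling. It assumes input in the form produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, ignores epochs, and uses a simplified reimplementation of RPM's version ordering (no caret handling); the sample inventory is constructed.

```python
import re

# Fixed build taken from the advisory's package list (RHSA-2019:3651).
FIXED_EVR = "2.2.0-19.el8"

# Subset of the package names shipped in the advisory; extend as needed.
ADVISORY_PACKAGES = {
    "sssd", "sssd-ad", "sssd-client", "sssd-common", "sssd-common-pac",
    "sssd-ipa", "sssd-kcm", "sssd-krb5", "sssd-krb5-common", "sssd-ldap",
    "sssd-proxy", "sssd-tools", "libsss_idmap", "libsss_nss_idmap",
    "libipa_hbac", "python3-sss", "python3-sssdconfig",
}

_SEGMENT = re.compile(r"(~)|(\d+)|([A-Za-z]+)")


def _tokens(text):
    """Split a version or release string into tilde/numeric/alpha segments.

    Separators such as '.' and '_' only delimit segments and are dropped.
    """
    out = []
    for tilde, num, alpha in _SEGMENT.findall(text):
        if tilde:
            out.append(("~", ""))
        elif num:
            out.append(("n", num))
        else:
            out.append(("a", alpha))
    return out


def rpmvercmp(a, b):
    """Return -1, 0 or 1 following RPM's segment-wise ordering (simplified)."""
    ta, tb = _tokens(a), _tokens(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        x_tilde = x is not None and x[0] == "~"
        y_tilde = y is not None and y[0] == "~"
        if x_tilde or y_tilde:
            if x_tilde and y_tilde:
                continue
            # A tilde sorts before anything else, including end of string.
            return -1 if x_tilde else 1
        if x is None:
            return -1          # b has extra segments, so b is newer
        if y is None:
            return 1
        if x[0] != y[0]:
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x[0] == "n" else -1
        xv, yv = (int(x[1]), int(y[1])) if x[0] == "n" else (x[1], y[1])
        if xv != yv:
            return 1 if xv > yv else -1
    return 0


def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is ignored (assumption)."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def outdated(query_output, fixed=FIXED_EVR, names=ADVISORY_PACKAGES):
    """Return sorted (name, evr) pairs that are older than the fixed build."""
    hits = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in names:
            continue
        if evr_cmp(parts[1], fixed) < 0:
            hits.append((parts[0], parts[1]))
    return sorted(hits)


# Constructed sample inventory, not taken from a real host.
SAMPLE = """\
sssd 2.2.0-19.el8
sssd-common 2.1.0-5.el8
sssd-client 2.2.0-19.el8_1.1
libsss_idmap 2.0.0-43.el8_0.3
bash 4.4.19-10.el8
"""

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}")
```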
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis:     Low: sssd security, bug fix, and enhancement update
Advisory ID:  RHSA-2015:2355-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2015:2355.html
Issue date:   2015-11-19
CVE Names:    CVE-2015-5292
====================================================================

1. Summary:

Updated sssd packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms.

It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292)

The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1205554)

Several enhancements are described in the Red Hat Enterprise Linux 7.2 Release Notes, linked to in the References section:

* SSSD smart card support (BZ#854396)
* Cache authentication in SSSD (BZ#910187)
* SSSD supports overriding automatically discovered AD site (BZ#1163806)
* SSSD can now deny SSH access to locked accounts (BZ#1175760)
* SSSD enables UID and GID mapping on individual clients (BZ#1183747)
* Background refresh of cached entries (BZ#1199533)
* Multi-step prompting for one-time and long-term passwords (BZ#1200873)
* Caching for initgroups operations (BZ#1206575)

Bugs fixed:

* When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. (BZ#1192314)
* If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. (BZ#1198477)
* The SRV queries used a hard coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541)
* Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. (BZ#1201840)
* When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. (BZ#1202170)
* If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. (BZ#1202245)
* The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. (BZ#1204203)
* SSSD supports GPOs from different domain controllers and no longer crashes when processing GPOs from different domain controllers. (BZ#1205852)
* SSSD could not refresh sudo rules that contained groups with special characters, such as parentheses, in their name. (BZ#1208507)
* The IPA names are not qualified on the client side if the server already qualified them, and IdM group members resolve even if default_domain_suffix is used on the server side. (BZ#1211830)
* The internal cache cleanup task has been disabled by default to improve performance of the sssd_be process. (BZ#1212489)
* Now, default_domain_suffix is not considered anymore for autofs maps. (BZ#1216285)
* The user can set subdomain_inherit=ignore_group-members to disable fetching group members for trusted domains. (BZ#1217350)
* The group resolution failed with an error message: "Error: 14 (Bad address)". The binary GUID handling has been fixed. (BZ#1226119)

Enhancements added:

* The description of default_domain_suffix has been improved in the manual pages. (BZ#1185536)
* With the new "%0" template option, users on SSSD IdM clients can now use home directories set on AD. (BZ#1187103)

All sssd users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

854396 - [RFE] Support for smart cards
1007968 - sssd does not create AAAA record in AD
1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option
1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD
1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain
1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u
1199445 - Does sssd-ad use the most suitable attribute for group name?
1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
1201840 - SSSD downloads too much information when fetching information about groups
1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries
1202724 - [RFE] Add a way to lookup users based on CAC identity certificates
1203642 - GPO access control looks for computer object in user's domain only
1205144 - RFE: Support one-way trusts for IPA
1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab
1205554 - Rebase SSSD to 1.13.x
1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys
1206565 - [RFE] Add dualstack and multihomed support
1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain
1206571 - [RFE] Expose D-BUS interface
1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf
1214337 - Overrides with --login work in second attempt
1214716 - idoverridegroup for ipa group with --group-name does not work
1214718 - Overridde with --login fails trusted adusers group membership resolution
1214719 - Group resolution is inconsistent with group overrides
1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set
1217127 - Override for IPA users with login does not list user all groups
1217559 - [RFE] Support GPOs from different domain controllers
1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust
1234722 - sssd ad provider fails to start in rhel7.2
1242942 - well-known SID check is broken for NetBIOS prefixes
1244949 - getgrgid for user's UID on a trust client prevents getpw*
1246489 - sss_obfuscate fails with "ImportError: No module named pysss"
1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled
1250135 - Detect re-established trusts in the IPA subdomain code
1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'
1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help
1254518 - Fix crash in nss responder
1259512 - sss_override : The local override user is not found
1261155 - nsupdate exits on first GSSAPI error instead of processing other commands
1263587 - sss_override --name doesn't work with RFC2307 and ghost users
1263735 - Could not resolve AD user from root domain
1266107 - AD: Conditional jump or move depends on uninitialised value
1267176 - Memory leak / possible DoS with krb auth. [rhel 7.2]
1267580 - CVE-2015-5292 sssd: memory leak in the sssd_pac_plugin
1267836 - PAM responder crashed if user was not set
1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
1270827 - local overrides: don't contact server with overridden name/id

6.
Package List: Red Hat Enterprise Linux Client (v.7): Source: sssd-1.13.0-40.el7.src.rpm noarch: python-sssdconfig-1.13.0-40.el7.noarch.rpm x86_64: libipa_hbac-1.13.0-40.el7.i686.rpm libipa_hbac-1.13.0-40.el7.x86_64.rpm libsss_idmap-1.13.0-40.el7.i686.rpm libsss_idmap-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-1.13.0-40.el7.i686.rpm libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm python-libipa_hbac-1.13.0-40.el7.x86_64.rpm python-sss-1.13.0-40.el7.x86_64.rpm python-sss-murmur-1.13.0-40.el7.x86_64.rpm sssd-1.13.0-40.el7.x86_64.rpm sssd-ad-1.13.0-40.el7.x86_64.rpm sssd-client-1.13.0-40.el7.i686.rpm sssd-client-1.13.0-40.el7.x86_64.rpm sssd-common-1.13.0-40.el7.i686.rpm sssd-common-1.13.0-40.el7.x86_64.rpm sssd-common-pac-1.13.0-40.el7.x86_64.rpm sssd-dbus-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm sssd-ipa-1.13.0-40.el7.x86_64.rpm sssd-krb5-1.13.0-40.el7.x86_64.rpm sssd-krb5-common-1.13.0-40.el7.i686.rpm sssd-krb5-common-1.13.0-40.el7.x86_64.rpm sssd-ldap-1.13.0-40.el7.x86_64.rpm sssd-libwbclient-1.13.0-40.el7.x86_64.rpm sssd-proxy-1.13.0-40.el7.x86_64.rpm sssd-tools-1.13.0-40.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 
7): x86_64: libipa_hbac-devel-1.13.0-40.el7.i686.rpm libipa_hbac-devel-1.13.0-40.el7.x86_64.rpm libsss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_nss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-1.13.0-40.el7.i686.rpm libsss_simpleifp-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-devel-1.13.0-40.el7.i686.rpm libsss_simpleifp-devel-1.13.0-40.el7.x86_64.rpm python-libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm sssd-libwbclient-devel-1.13.0-40.el7.i686.rpm sssd-libwbclient-devel-1.13.0-40.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: sssd-1.13.0-40.el7.src.rpm noarch: python-sssdconfig-1.13.0-40.el7.noarch.rpm x86_64: libipa_hbac-1.13.0-40.el7.i686.rpm libipa_hbac-1.13.0-40.el7.x86_64.rpm libsss_idmap-1.13.0-40.el7.i686.rpm libsss_idmap-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-1.13.0-40.el7.i686.rpm libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm python-libipa_hbac-1.13.0-40.el7.x86_64.rpm python-sss-1.13.0-40.el7.x86_64.rpm python-sss-murmur-1.13.0-40.el7.x86_64.rpm sssd-1.13.0-40.el7.x86_64.rpm sssd-ad-1.13.0-40.el7.x86_64.rpm sssd-client-1.13.0-40.el7.i686.rpm sssd-client-1.13.0-40.el7.x86_64.rpm sssd-common-1.13.0-40.el7.i686.rpm sssd-common-1.13.0-40.el7.x86_64.rpm sssd-common-pac-1.13.0-40.el7.x86_64.rpm sssd-dbus-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm sssd-ipa-1.13.0-40.el7.x86_64.rpm sssd-krb5-1.13.0-40.el7.x86_64.rpm sssd-krb5-common-1.13.0-40.el7.i686.rpm sssd-krb5-common-1.13.0-40.el7.x86_64.rpm sssd-ldap-1.13.0-40.el7.x86_64.rpm sssd-libwbclient-1.13.0-40.el7.x86_64.rpm sssd-proxy-1.13.0-40.el7.x86_64.rpm sssd-tools-1.13.0-40.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 
7): x86_64: libipa_hbac-devel-1.13.0-40.el7.i686.rpm libipa_hbac-devel-1.13.0-40.el7.x86_64.rpm libsss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_nss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-1.13.0-40.el7.i686.rpm libsss_simpleifp-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-devel-1.13.0-40.el7.i686.rpm libsss_simpleifp-devel-1.13.0-40.el7.x86_64.rpm python-libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm sssd-libwbclient-devel-1.13.0-40.el7.i686.rpm sssd-libwbclient-devel-1.13.0-40.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: sssd-1.13.0-40.el7.src.rpm aarch64: libipa_hbac-1.13.0-40.el7.aarch64.rpm libsss_idmap-1.13.0-40.el7.aarch64.rpm libsss_nss_idmap-1.13.0-40.el7.aarch64.rpm libsss_simpleifp-1.13.0-40.el7.aarch64.rpm python-libipa_hbac-1.13.0-40.el7.aarch64.rpm python-sss-1.13.0-40.el7.aarch64.rpm python-sss-murmur-1.13.0-40.el7.aarch64.rpm sssd-1.13.0-40.el7.aarch64.rpm sssd-ad-1.13.0-40.el7.aarch64.rpm sssd-client-1.13.0-40.el7.aarch64.rpm sssd-common-1.13.0-40.el7.aarch64.rpm sssd-common-pac-1.13.0-40.el7.aarch64.rpm sssd-dbus-1.13.0-40.el7.aarch64.rpm sssd-debuginfo-1.13.0-40.el7.aarch64.rpm sssd-ipa-1.13.0-40.el7.aarch64.rpm sssd-krb5-1.13.0-40.el7.aarch64.rpm sssd-krb5-common-1.13.0-40.el7.aarch64.rpm sssd-ldap-1.13.0-40.el7.aarch64.rpm sssd-libwbclient-1.13.0-40.el7.aarch64.rpm sssd-proxy-1.13.0-40.el7.aarch64.rpm sssd-tools-1.13.0-40.el7.aarch64.rpm noarch: python-sssdconfig-1.13.0-40.el7.noarch.rpm ppc64: libipa_hbac-1.13.0-40.el7.ppc.rpm libipa_hbac-1.13.0-40.el7.ppc64.rpm libsss_idmap-1.13.0-40.el7.ppc.rpm libsss_idmap-1.13.0-40.el7.ppc64.rpm libsss_nss_idmap-1.13.0-40.el7.ppc.rpm libsss_nss_idmap-1.13.0-40.el7.ppc64.rpm libsss_simpleifp-1.13.0-40.el7.ppc.rpm libsss_simpleifp-1.13.0-40.el7.ppc64.rpm python-libipa_hbac-1.13.0-40.el7.ppc64.rpm 
python-sss-1.13.0-40.el7.ppc64.rpm python-sss-murmur-1.13.0-40.el7.ppc64.rpm sssd-1.13.0-40.el7.ppc64.rpm sssd-ad-1.13.0-40.el7.ppc64.rpm sssd-client-1.13.0-40.el7.ppc.rpm sssd-client-1.13.0-40.el7.ppc64.rpm sssd-common-1.13.0-40.el7.ppc.rpm sssd-common-1.13.0-40.el7.ppc64.rpm sssd-common-pac-1.13.0-40.el7.ppc64.rpm sssd-dbus-1.13.0-40.el7.ppc64.rpm sssd-debuginfo-1.13.0-40.el7.ppc.rpm sssd-debuginfo-1.13.0-40.el7.ppc64.rpm sssd-ipa-1.13.0-40.el7.ppc64.rpm sssd-krb5-1.13.0-40.el7.ppc64.rpm sssd-krb5-common-1.13.0-40.el7.ppc.rpm sssd-krb5-common-1.13.0-40.el7.ppc64.rpm sssd-ldap-1.13.0-40.el7.ppc64.rpm sssd-libwbclient-1.13.0-40.el7.ppc64.rpm sssd-proxy-1.13.0-40.el7.ppc64.rpm sssd-tools-1.13.0-40.el7.ppc64.rpm ppc64le: libipa_hbac-1.13.0-40.el7.ppc64le.rpm libsss_idmap-1.13.0-40.el7.ppc64le.rpm libsss_nss_idmap-1.13.0-40.el7.ppc64le.rpm libsss_simpleifp-1.13.0-40.el7.ppc64le.rpm python-libipa_hbac-1.13.0-40.el7.ppc64le.rpm python-sss-1.13.0-40.el7.ppc64le.rpm python-sss-murmur-1.13.0-40.el7.ppc64le.rpm sssd-1.13.0-40.el7.ppc64le.rpm sssd-ad-1.13.0-40.el7.ppc64le.rpm sssd-client-1.13.0-40.el7.ppc64le.rpm sssd-common-1.13.0-40.el7.ppc64le.rpm sssd-common-pac-1.13.0-40.el7.ppc64le.rpm sssd-dbus-1.13.0-40.el7.ppc64le.rpm sssd-debuginfo-1.13.0-40.el7.ppc64le.rpm sssd-ipa-1.13.0-40.el7.ppc64le.rpm sssd-krb5-1.13.0-40.el7.ppc64le.rpm sssd-krb5-common-1.13.0-40.el7.ppc64le.rpm sssd-ldap-1.13.0-40.el7.ppc64le.rpm sssd-libwbclient-1.13.0-40.el7.ppc64le.rpm sssd-proxy-1.13.0-40.el7.ppc64le.rpm sssd-tools-1.13.0-40.el7.ppc64le.rpm s390x: libipa_hbac-1.13.0-40.el7.s390.rpm libipa_hbac-1.13.0-40.el7.s390x.rpm libsss_idmap-1.13.0-40.el7.s390.rpm libsss_idmap-1.13.0-40.el7.s390x.rpm libsss_nss_idmap-1.13.0-40.el7.s390.rpm libsss_nss_idmap-1.13.0-40.el7.s390x.rpm libsss_simpleifp-1.13.0-40.el7.s390.rpm libsss_simpleifp-1.13.0-40.el7.s390x.rpm python-libipa_hbac-1.13.0-40.el7.s390x.rpm python-sss-1.13.0-40.el7.s390x.rpm python-sss-murmur-1.13.0-40.el7.s390x.rpm 
sssd-1.13.0-40.el7.s390x.rpm sssd-ad-1.13.0-40.el7.s390x.rpm sssd-client-1.13.0-40.el7.s390.rpm sssd-client-1.13.0-40.el7.s390x.rpm sssd-common-1.13.0-40.el7.s390.rpm sssd-common-1.13.0-40.el7.s390x.rpm sssd-common-pac-1.13.0-40.el7.s390x.rpm sssd-dbus-1.13.0-40.el7.s390x.rpm sssd-debuginfo-1.13.0-40.el7.s390.rpm sssd-debuginfo-1.13.0-40.el7.s390x.rpm sssd-ipa-1.13.0-40.el7.s390x.rpm sssd-krb5-1.13.0-40.el7.s390x.rpm sssd-krb5-common-1.13.0-40.el7.s390.rpm sssd-krb5-common-1.13.0-40.el7.s390x.rpm sssd-ldap-1.13.0-40.el7.s390x.rpm sssd-libwbclient-1.13.0-40.el7.s390x.rpm sssd-proxy-1.13.0-40.el7.s390x.rpm sssd-tools-1.13.0-40.el7.s390x.rpm x86_64: libipa_hbac-1.13.0-40.el7.i686.rpm libipa_hbac-1.13.0-40.el7.x86_64.rpm libsss_idmap-1.13.0-40.el7.i686.rpm libsss_idmap-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-1.13.0-40.el7.i686.rpm libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-1.13.0-40.el7.i686.rpm libsss_simpleifp-1.13.0-40.el7.x86_64.rpm python-libipa_hbac-1.13.0-40.el7.x86_64.rpm python-libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm python-sss-1.13.0-40.el7.x86_64.rpm python-sss-murmur-1.13.0-40.el7.x86_64.rpm sssd-1.13.0-40.el7.x86_64.rpm sssd-ad-1.13.0-40.el7.x86_64.rpm sssd-client-1.13.0-40.el7.i686.rpm sssd-client-1.13.0-40.el7.x86_64.rpm sssd-common-1.13.0-40.el7.i686.rpm sssd-common-1.13.0-40.el7.x86_64.rpm sssd-common-pac-1.13.0-40.el7.x86_64.rpm sssd-dbus-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm sssd-ipa-1.13.0-40.el7.x86_64.rpm sssd-krb5-1.13.0-40.el7.x86_64.rpm sssd-krb5-common-1.13.0-40.el7.i686.rpm sssd-krb5-common-1.13.0-40.el7.x86_64.rpm sssd-ldap-1.13.0-40.el7.x86_64.rpm sssd-libwbclient-1.13.0-40.el7.x86_64.rpm sssd-proxy-1.13.0-40.el7.x86_64.rpm sssd-tools-1.13.0-40.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): aarch64: libipa_hbac-devel-1.13.0-40.el7.aarch64.rpm libsss_idmap-devel-1.13.0-40.el7.aarch64.rpm libsss_nss_idmap-devel-1.13.0-40.el7.aarch64.rpm 
libsss_simpleifp-devel-1.13.0-40.el7.aarch64.rpm python-libsss_nss_idmap-1.13.0-40.el7.aarch64.rpm sssd-debuginfo-1.13.0-40.el7.aarch64.rpm sssd-libwbclient-devel-1.13.0-40.el7.aarch64.rpm ppc64: libipa_hbac-devel-1.13.0-40.el7.ppc.rpm libipa_hbac-devel-1.13.0-40.el7.ppc64.rpm libsss_idmap-devel-1.13.0-40.el7.ppc.rpm libsss_idmap-devel-1.13.0-40.el7.ppc64.rpm libsss_nss_idmap-devel-1.13.0-40.el7.ppc.rpm libsss_nss_idmap-devel-1.13.0-40.el7.ppc64.rpm libsss_simpleifp-devel-1.13.0-40.el7.ppc.rpm libsss_simpleifp-devel-1.13.0-40.el7.ppc64.rpm python-libsss_nss_idmap-1.13.0-40.el7.ppc64.rpm sssd-debuginfo-1.13.0-40.el7.ppc.rpm sssd-debuginfo-1.13.0-40.el7.ppc64.rpm sssd-libwbclient-devel-1.13.0-40.el7.ppc.rpm sssd-libwbclient-devel-1.13.0-40.el7.ppc64.rpm ppc64le: libipa_hbac-devel-1.13.0-40.el7.ppc64le.rpm libsss_idmap-devel-1.13.0-40.el7.ppc64le.rpm libsss_nss_idmap-devel-1.13.0-40.el7.ppc64le.rpm libsss_simpleifp-devel-1.13.0-40.el7.ppc64le.rpm python-libsss_nss_idmap-1.13.0-40.el7.ppc64le.rpm sssd-debuginfo-1.13.0-40.el7.ppc64le.rpm sssd-libwbclient-devel-1.13.0-40.el7.ppc64le.rpm s390x: libipa_hbac-devel-1.13.0-40.el7.s390.rpm libipa_hbac-devel-1.13.0-40.el7.s390x.rpm libsss_idmap-devel-1.13.0-40.el7.s390.rpm libsss_idmap-devel-1.13.0-40.el7.s390x.rpm libsss_nss_idmap-devel-1.13.0-40.el7.s390.rpm libsss_nss_idmap-devel-1.13.0-40.el7.s390x.rpm libsss_simpleifp-devel-1.13.0-40.el7.s390.rpm libsss_simpleifp-devel-1.13.0-40.el7.s390x.rpm python-libsss_nss_idmap-1.13.0-40.el7.s390x.rpm sssd-debuginfo-1.13.0-40.el7.s390.rpm sssd-debuginfo-1.13.0-40.el7.s390x.rpm sssd-libwbclient-devel-1.13.0-40.el7.s390.rpm sssd-libwbclient-devel-1.13.0-40.el7.s390x.rpm x86_64: libipa_hbac-devel-1.13.0-40.el7.i686.rpm libipa_hbac-devel-1.13.0-40.el7.x86_64.rpm libsss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_nss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-devel-1.13.0-40.el7.i686.rpm 
libsss_simpleifp-devel-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm sssd-libwbclient-devel-1.13.0-40.el7.i686.rpm sssd-libwbclient-devel-1.13.0-40.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: sssd-1.13.0-40.el7.src.rpm noarch: python-sssdconfig-1.13.0-40.el7.noarch.rpm x86_64: libipa_hbac-1.13.0-40.el7.i686.rpm libipa_hbac-1.13.0-40.el7.x86_64.rpm libsss_idmap-1.13.0-40.el7.i686.rpm libsss_idmap-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-1.13.0-40.el7.i686.rpm libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm python-libipa_hbac-1.13.0-40.el7.x86_64.rpm python-libsss_nss_idmap-1.13.0-40.el7.x86_64.rpm python-sss-1.13.0-40.el7.x86_64.rpm python-sss-murmur-1.13.0-40.el7.x86_64.rpm sssd-1.13.0-40.el7.x86_64.rpm sssd-ad-1.13.0-40.el7.x86_64.rpm sssd-client-1.13.0-40.el7.i686.rpm sssd-client-1.13.0-40.el7.x86_64.rpm sssd-common-1.13.0-40.el7.i686.rpm sssd-common-1.13.0-40.el7.x86_64.rpm sssd-common-pac-1.13.0-40.el7.x86_64.rpm sssd-dbus-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm sssd-ipa-1.13.0-40.el7.x86_64.rpm sssd-krb5-1.13.0-40.el7.x86_64.rpm sssd-krb5-common-1.13.0-40.el7.i686.rpm sssd-krb5-common-1.13.0-40.el7.x86_64.rpm sssd-ldap-1.13.0-40.el7.x86_64.rpm sssd-libwbclient-1.13.0-40.el7.x86_64.rpm sssd-proxy-1.13.0-40.el7.x86_64.rpm sssd-tools-1.13.0-40.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): x86_64: libipa_hbac-devel-1.13.0-40.el7.i686.rpm libipa_hbac-devel-1.13.0-40.el7.x86_64.rpm libsss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_nss_idmap-devel-1.13.0-40.el7.i686.rpm libsss_nss_idmap-devel-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-1.13.0-40.el7.i686.rpm libsss_simpleifp-1.13.0-40.el7.x86_64.rpm libsss_simpleifp-devel-1.13.0-40.el7.i686.rpm libsss_simpleifp-devel-1.13.0-40.el7.x86_64.rpm sssd-debuginfo-1.13.0-40.el7.i686.rpm sssd-debuginfo-1.13.0-40.el7.x86_64.rpm 
sssd-libwbclient-devel-1.13.0-40.el7.i686.rpm sssd-libwbclient-devel-1.13.0-40.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5292 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc.
==================================================================== Red Hat Security Advisory Synopsis: Moderate: sssd security and bug fix update Advisory ID: RHSA-2013:0663-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0663.html Issue date: 2013-03-19 CVE Names: CVE-2013-0287 ==================================================================== 1. Summary: Updated sssd packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: SSSD (System Security Services Daemon) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS (Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces toward the system and a pluggable back end system to connect to multiple different account sources.
When SSSD was configured as a Microsoft Active Directory client by using the new Active Directory provider (introduced in RHSA-2013:0508), the Simple Access Provider ("access_provider = simple" in "/etc/sssd/sssd.conf") did not handle access control correctly. If any groups were specified with the "simple_deny_groups" option (in sssd.conf), all users were permitted access. (CVE-2013-0287)

The CVE-2013-0287 issue was discovered by Kaushik Banerjee of Red Hat.

This update also fixes the following bugs:

* If a group contained a member whose Distinguished Name (DN) pointed outside all of the configured search bases, the search request that was processing this particular group never ran to completion. To the user, this bug manifested as a long timeout between requesting the group data and receiving the result. A patch has been provided to address this bug and SSSD now processes group search requests without delays. (BZ#907362)

* The pwd_expiration_warning should have been set for seven days, but instead it was set to zero for Kerberos. This incorrect zero setting returned the "always display warning if the server sends one" error message and users experienced problems in environments like IPA or Active Directory. With this update, the value setting for Kerberos is modified and this issue no longer occurs. (BZ#914671)

All users of sssd are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

910938 - CVE-2013-0287 sssd: simple access provider flaw prevents intended ACL use when client to an AD provider
914671 - pwd_expiration_warning has wrong default for Kerberos

6.
Package List: Red Hat Enterprise Linux Desktop (v.6): Source: i386: libipa_hbac-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-python-1.9.2-82.4.el6_4.i686.rpm libsss_autofs-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-1.9.2-82.4.el6_4.i686.rpm sssd-1.9.2-82.4.el6_4.i686.rpm sssd-client-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm x86_64: libipa_hbac-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm sssd-1.9.2-82.4.el6_4.x86_64.rpm sssd-client-1.9.2-82.4.el6_4.i686.rpm sssd-client-1.9.2-82.4.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-tools-1.9.2-82.4.el6_4.i686.rpm x86_64: libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: x86_64: libipa_hbac-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm sssd-1.9.2-82.4.el6_4.x86_64.rpm sssd-client-1.9.2-82.4.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v.6): Source: x86_64: libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm sssd-client-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: libipa_hbac-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-python-1.9.2-82.4.el6_4.i686.rpm libsss_autofs-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-1.9.2-82.4.el6_4.i686.rpm sssd-1.9.2-82.4.el6_4.i686.rpm sssd-client-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm ppc64: libipa_hbac-1.9.2-82.4.el6_4.ppc.rpm libipa_hbac-1.9.2-82.4.el6_4.ppc64.rpm libipa_hbac-python-1.9.2-82.4.el6_4.ppc64.rpm libsss_autofs-1.9.2-82.4.el6_4.ppc64.rpm libsss_idmap-1.9.2-82.4.el6_4.ppc64.rpm libsss_sudo-1.9.2-82.4.el6_4.ppc64.rpm sssd-1.9.2-82.4.el6_4.ppc64.rpm sssd-client-1.9.2-82.4.el6_4.ppc.rpm sssd-client-1.9.2-82.4.el6_4.ppc64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.ppc.rpm sssd-debuginfo-1.9.2-82.4.el6_4.ppc64.rpm s390x: libipa_hbac-1.9.2-82.4.el6_4.s390.rpm libipa_hbac-1.9.2-82.4.el6_4.s390x.rpm libipa_hbac-python-1.9.2-82.4.el6_4.s390x.rpm libsss_autofs-1.9.2-82.4.el6_4.s390x.rpm libsss_idmap-1.9.2-82.4.el6_4.s390x.rpm 
libsss_sudo-1.9.2-82.4.el6_4.s390x.rpm sssd-1.9.2-82.4.el6_4.s390x.rpm sssd-client-1.9.2-82.4.el6_4.s390.rpm sssd-client-1.9.2-82.4.el6_4.s390x.rpm sssd-debuginfo-1.9.2-82.4.el6_4.s390.rpm sssd-debuginfo-1.9.2-82.4.el6_4.s390x.rpm x86_64: libipa_hbac-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm sssd-1.9.2-82.4.el6_4.x86_64.rpm sssd-client-1.9.2-82.4.el6_4.i686.rpm sssd-client-1.9.2-82.4.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): Source: i386: libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-tools-1.9.2-82.4.el6_4.i686.rpm ppc64: libipa_hbac-devel-1.9.2-82.4.el6_4.ppc.rpm libipa_hbac-devel-1.9.2-82.4.el6_4.ppc64.rpm libsss_idmap-1.9.2-82.4.el6_4.ppc.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.ppc.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.ppc64.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.ppc.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.ppc64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.ppc.rpm sssd-debuginfo-1.9.2-82.4.el6_4.ppc64.rpm sssd-tools-1.9.2-82.4.el6_4.ppc64.rpm s390x: libipa_hbac-devel-1.9.2-82.4.el6_4.s390.rpm libipa_hbac-devel-1.9.2-82.4.el6_4.s390x.rpm libsss_idmap-1.9.2-82.4.el6_4.s390.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.s390.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.s390x.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.s390.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.s390x.rpm sssd-debuginfo-1.9.2-82.4.el6_4.s390.rpm sssd-debuginfo-1.9.2-82.4.el6_4.s390x.rpm sssd-tools-1.9.2-82.4.el6_4.s390x.rpm x86_64: libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm 
libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: libipa_hbac-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-python-1.9.2-82.4.el6_4.i686.rpm libsss_autofs-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-1.9.2-82.4.el6_4.i686.rpm sssd-1.9.2-82.4.el6_4.i686.rpm sssd-client-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm x86_64: libipa_hbac-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-1.9.2-82.4.el6_4.x86_64.rpm libipa_hbac-python-1.9.2-82.4.el6_4.x86_64.rpm libsss_autofs-1.9.2-82.4.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-1.9.2-82.4.el6_4.x86_64.rpm sssd-1.9.2-82.4.el6_4.x86_64.rpm sssd-client-1.9.2-82.4.el6_4.i686.rpm sssd-client-1.9.2-82.4.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-tools-1.9.2-82.4.el6_4.i686.rpm x86_64: libipa_hbac-devel-1.9.2-82.4.el6_4.i686.rpm libipa_hbac-devel-1.9.2-82.4.el6_4.x86_64.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.4.el6_4.x86_64.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.4.el6_4.x86_64.rpm sssd-debuginfo-1.9.2-82.4.el6_4.i686.rpm sssd-debuginfo-1.9.2-82.4.el6_4.x86_64.rpm sssd-tools-1.9.2-82.4.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-0287 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/errata/RHSA-2013:0508.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. LinuxSecurity.com Team
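A configuration check for the CVE-2013-0287 condition described in RHSA-2013:0663 above, as an added example (not Red Hat's or the SSSD project's code): it reports the domain sections of an sssd.conf that combine the AD provider with "access_provider = simple" and a non-empty "simple_deny_groups", which are the setups whose deny list the advisory says was not enforced before the sssd-1.9.2-82.4.el6_4 packages. The function name, the use of "id_provider = ad" to recognise the Active Directory provider, and the sample configuration are assumptions made for this illustration.

```python
import configparser

# Constructed sample configuration for illustration; the domain and group
# names are made up and do not come from the advisory.
SAMPLE_SSSD_CONF = """
[sssd]
services = nss, pam
domains = corp.example.com, ldap.example.com, lab.example.com

[domain/corp.example.com]
id_provider = ad
access_provider = simple
simple_deny_groups = contractors, interns

[domain/ldap.example.com]
id_provider = ldap
access_provider = simple
simple_deny_groups = contractors

[domain/lab.example.com]
id_provider = ad
access_provider = simple
simple_allow_groups = lab-admins

[domain/old.example.com]
id_provider = ad
access_provider = simple
simple_deny_groups = temps
"""


def _split(value):
    """Split a comma-separated sssd.conf list into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def find_deny_group_exposure(conf_text):
    """Return domain sections that match the CVE-2013-0287 conditions.

    A section is reported when it uses the AD identity provider, the Simple
    Access Provider, and lists at least one group in simple_deny_groups.
    Each finding records whether the domain is enabled in [sssd] domains,
    because SSSD only starts the domains listed there.
    """
    # interpolation=None: '%' is legal in sssd.conf values (e.g. templates).
    # strict=False: tolerate repeated sections instead of raising.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)

    active = set(_split(parser.get("sssd", "domains", fallback="")))

    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        name = section[len("domain/"):]
        id_provider = parser.get(section, "id_provider", fallback="").strip().lower()
        access_provider = parser.get(section, "access_provider", fallback="").strip().lower()
        deny_groups = _split(parser.get(section, "simple_deny_groups", fallback=""))

        if id_provider == "ad" and access_provider == "simple" and deny_groups:
            findings.append(
                {"domain": name, "deny_groups": deny_groups, "active": name in active}
            )
    return findings


if __name__ == "__main__":
    for finding in find_deny_group_exposure(SAMPLE_SSSD_CONF):
        state = "enabled" if finding["active"] else "not enabled"
        print(
            f"{finding['domain']} ({state}): relies on simple_deny_groups = "
            f"{', '.join(finding['deny_groups'])}; confirm the fixed sssd packages are installed"
        )
```

On a real host, pass the contents of /etc/sssd/sssd.conf to find_deny_group_exposure() and compare the installed sssd version against the package list in the advisory.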
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: sssd security, bug fix and enhancement update Advisory ID: RHSA-2013:0508-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0508.html Issue date: 2013-02-21 CVE Names: CVE-2013-0219 CVE-2013-0220 ==================================================================== 1. Summary: Updated sssd packages that fix two security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms.
It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA.

A race condition was found in the way SSSD copied and removed user home directories. A local attacker who is able to write into the home directory of a different user who is being removed could use this flaw to perform symbolic link attacks, possibly allowing them to modify and delete arbitrary files with the privileges of the root user. (CVE-2013-0219)

Multiple out-of-bounds memory read flaws were found in the way the autofs and SSH service responders parsed certain SSSD packets. An attacker could send a specially-crafted packet that, when processed by the autofs or SSH service responders, would cause SSSD to crash. This issue only caused a temporary denial of service, as SSSD was automatically restarted by the monitor process after the crash. (CVE-2013-0220)

The CVE-2013-0219 and CVE-2013-0220 issues were discovered by Florian Weimer of the Red Hat Product Security Team.

These updated sssd packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

All SSSD users are advised to upgrade to these updated packages, which upgrade SSSD to upstream version 1.9 to correct these issues, fix these bugs and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

743505 - [RFE] Implement "AD friendly" schema mapping
761573 - [RFE] Integrate with SUDO utility
766000 - [RFE] Add support for central management of the SELinux user mappings
768165 - [RFE] Support range retrievals
768168 - [RFE] Allow Constructing uid from Active Directory objectSid
789470 - [RFE] Introduce the concept of a Primary Server in SSSD
789507 - [RFE] SSSD should provide fast in memory cache to provide similar functionality as NSCD currently provides
790105 - Filter out inappropriate IP addresses from IPA dynamic DNS update
790107 - Document sss_tools better
799009 - Warn to syslog when dereference requests fail
799928 - [RFE] Hash the hostname/port information in the known_hosts file.
801431 - [RFE] sudo: send username and uid while requesting default options
801719 - "Error looking up public keys" while ssh to replica using IP address.
802718 - Unable to lookup user aliases with proxy provider.
805920 - [RFE] Introduce concept of Ghost User instead of using Fake User
805921 - Document the expectations about ghost users showing in the lookups
808307 - No info in sssd manpages for "ldap_sasl_minssf"
811987 - autofs: maximum key name must be PATH_MAX
813327 - [RFE] support looking up autofs maps via SSSD
814249 - [RFE] for faster SSSD startup
822404 - sssd does not provide maps for automounter when custom schema is being used
824244 - sssd does not warn into sssd.log for broken configurations
827036 - Add support for terminating idle connections in sssd_nss
829740 - Init script reports complete before sssd is actually working
832103 - [RFE] Optimize memberOf search criteria with AD
832120 - [RFE] Add AD provider
845251 - sssd does not try another server when unable to resolve hostname
845253 - Fail over does not work correctly when IPA server is establishing a GSSAPI-encrypted LDAP connection
848547 - [TECH PREVIEW] Support DIR: credential caches for multiple TGT support
852948 - ldap_chpass_update_last_change is not included in the manual page
854619 - SSSD cannot cope with empty naming context coming from Novell eDirectory
854997 - Add details about TGT validation to sssd-krb5 man page
857047 - [abrt] sssd-1.8.4-13.fc16: __GI_exit: Process /usr/libexec/sssd/sssd_pam was killed by signal 6 (SIGABRT)
860667 - [man sssd-ldap] 'ldap_access_filter' description needs to be updated
861075 - SSSD_NSS failure to gracefully restart after sbus failure
861076 - Flip the default value of ldap_initgroups_use_matching_rule_in_chain
861079 - Collect Krb5 Trace on High Debug Levels
861082 - Manpage has ldap_autofs_search_base as experimental feature
861091 - pam_sss report System Error on wrong password
863131 - sssd_nss process hangs, stuck in loop; "self restart" does recover, but old process hangs around using 100% CPU
866542 - sssd_be crashes while looking up users
867932 - Selinuxusermap rule is not honoured
867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running
869013 - Sudo smart refresh doesn't occur on time
869071 - Password authentication for users from trusted domains does not work
869150 - ldap_child crashes on using invalid keytab during gssapi connection
869443 - The sssd_nss process grows the memory consumption over time
869678 - sssd not granting access for AD trusted user in HBAC rule
870039 - sss_cache says 'Wrong DB version'
870045 - always reread the master map from LDAP
870060 - SSH host keys are not being removed from the cache
870238 - IPA client cannot change AD Trusted User password
870278 - ipa client setup should configure host properly in a trust is in place
870280 - ipa reconfigure functionality needed for fixing clients to support trusts
870505 - sss_cache: Multiple domains not handled properly
871160 - sudo failing for ad trusted user in IPA environment
871576 - sssd does not resolve group names from AD
871843 - Nested groups are not retrieved appropriately from cache
872110 - User appears twice on looking up a nested group
872180 - subdomains: Invalid sub-domain request type.
872324 - pam: fd leak when writing the selinux login file in the pam responder
872683 - sssd_be segfaults with enumeration enabled and anonymous LDAP access disabled
873032 - Move sss_cache to the main subpackage
873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section
874579 - sssd caching not working as expected for selinux usermap contexts
874616 - Silence the DEBUG messages when ID mapping code skips a built-in group
874618 - sss_cache: fqdn not accepted
874673 - user id lookup fails using proxy provider
875677 - password expiry warning message doesn't appear during auth
875738 - offline authentication failure always returns System Error
875740 - "defaults" entry ignored
875851 - sysdb upgrade failed converting db to 0.11
876531 - sss_cache does not work for automount maps
877126 - subdomains code does not save the proper user/group name
877130 - LDAP provider fails to save empty groups
877354 - ldap_connection_expire_timeout doesn't expire ldap connections
877972 - ldap_sasl_authid no longer accepts full principal
877974 - updating top-level group does not reflect ghost members correctly
878262 - ipa password auth failing for user principal name when shorter than IPA Realm name
878419 - sss_userdel doesn't remove entries from in-memory cache
878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set
878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent
880140 - sssd hangs at startup with broken configurations
880159 - delete operation is not implemented for ghost users
880176 - memberUid required for primary groups to match sudo rule
880546 - krb5_kpasswd failover doesn't work
880956 - Primary server status is not always reset after failover to backup server happened
881773 - mmap cache needs update after db changes
882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update
882221 - Offline sudo denies
access with expired entry_cache_timeout 882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds 882923 - Negative cache timeout is not working for proxy provider 883336 - sssd crashes during start if id_provider is not mentioned 883408 - Make it clear that ldap_sudo_include_regexp can only handle wildcards 884254 -CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees 884480 - user is not removed from group membership during initgroups 884600 - ldap_chpass_uri failover fails on using same hostname 884601 - CVE-2013-0220 sssd: Out-of-bounds read flaws in autofs and ssh services responders884666 - sudo: if first full refresh fails, schedule another first full refresh 885078 - sssd_nss crashes during enumeration if the enumeration is taking too long 885105 - sudo denies access with disabled ldap_sudo_use_host_filter 886038 - sssd components seem to mishandle sighup 886091 - Disallow root SSH public key authentication 886848 - user id lookup fails for case sensitive users using proxy provider 887961 - AD provider: getgrgid removes nested group memberships 888614 - Failure in memberof can lead to failed database update 888800 - MEmory leak in new memcache initgr cleanup function 889168 - krb5 ticket renewal does not read the renewable tickets from cache 889182 - crash in memory cache 890520 - Failover to krb5_backup_kpasswd doesn't work 891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP 892197 - Incorrect principal searched for in keytab 894302 - sssd fails to update to changes on autofs maps 894381 - memory cache is not updated after user is deleted from ldb cache 894428 - wrong filter for autofs maps in sss_cache 894738 - Failover to ldap_chpass_backup_uri doesn't work 894997 - sssd_be crashes looking up members with groups outside the nesting limit 895132 - Modifications using sss_usermod tool are not reflected in memory cache 895615 - ipa-client-automount: autofs failed in 
s390x and ppc64 platform 896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute. 902436 - possible segfault when backend callback is removed 902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: i386: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-python-1.9.2-82.el6.i686.rpm libsss_autofs-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_sudo-1.9.2-82.el6.i686.rpm sssd-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-tools-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 
6): Source: x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v.6): Source: x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-python-1.9.2-82.el6.i686.rpm libsss_autofs-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_sudo-1.9.2-82.el6.i686.rpm sssd-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm ppc64: libipa_hbac-1.9.2-82.el6.ppc.rpm libipa_hbac-1.9.2-82.el6.ppc64.rpm libipa_hbac-python-1.9.2-82.el6.ppc64.rpm libsss_autofs-1.9.2-82.el6.ppc64.rpm libsss_idmap-1.9.2-82.el6.ppc64.rpm libsss_sudo-1.9.2-82.el6.ppc64.rpm sssd-1.9.2-82.el6.ppc64.rpm sssd-client-1.9.2-82.el6.ppc.rpm sssd-client-1.9.2-82.el6.ppc64.rpm sssd-debuginfo-1.9.2-82.el6.ppc.rpm sssd-debuginfo-1.9.2-82.el6.ppc64.rpm s390x: libipa_hbac-1.9.2-82.el6.s390.rpm libipa_hbac-1.9.2-82.el6.s390x.rpm libipa_hbac-python-1.9.2-82.el6.s390x.rpm libsss_autofs-1.9.2-82.el6.s390x.rpm libsss_idmap-1.9.2-82.el6.s390x.rpm libsss_sudo-1.9.2-82.el6.s390x.rpm sssd-1.9.2-82.el6.s390x.rpm sssd-client-1.9.2-82.el6.s390.rpm sssd-client-1.9.2-82.el6.s390x.rpm sssd-debuginfo-1.9.2-82.el6.s390.rpm 
sssd-debuginfo-1.9.2-82.el6.s390x.rpm x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-tools-1.9.2-82.el6.i686.rpm ppc64: libipa_hbac-devel-1.9.2-82.el6.ppc.rpm libipa_hbac-devel-1.9.2-82.el6.ppc64.rpm libsss_idmap-1.9.2-82.el6.ppc.rpm libsss_idmap-devel-1.9.2-82.el6.ppc.rpm libsss_idmap-devel-1.9.2-82.el6.ppc64.rpm libsss_sudo-devel-1.9.2-82.el6.ppc.rpm libsss_sudo-devel-1.9.2-82.el6.ppc64.rpm sssd-debuginfo-1.9.2-82.el6.ppc.rpm sssd-debuginfo-1.9.2-82.el6.ppc64.rpm sssd-tools-1.9.2-82.el6.ppc64.rpm s390x: libipa_hbac-devel-1.9.2-82.el6.s390.rpm libipa_hbac-devel-1.9.2-82.el6.s390x.rpm libsss_idmap-1.9.2-82.el6.s390.rpm libsss_idmap-devel-1.9.2-82.el6.s390.rpm libsss_idmap-devel-1.9.2-82.el6.s390x.rpm libsss_sudo-devel-1.9.2-82.el6.s390.rpm libsss_sudo-devel-1.9.2-82.el6.s390x.rpm sssd-debuginfo-1.9.2-82.el6.s390.rpm sssd-debuginfo-1.9.2-82.el6.s390x.rpm sssd-tools-1.9.2-82.el6.s390x.rpm x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: libipa_hbac-1.9.2-82.el6.i686.rpm
libipa_hbac-python-1.9.2-82.el6.i686.rpm libsss_autofs-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_sudo-1.9.2-82.el6.i686.rpm sssd-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-1.9.2-82.el6.i686.rpm libipa_hbac-1.9.2-82.el6.x86_64.rpm libipa_hbac-python-1.9.2-82.el6.x86_64.rpm libsss_autofs-1.9.2-82.el6.x86_64.rpm libsss_idmap-1.9.2-82.el6.i686.rpm libsss_idmap-1.9.2-82.el6.x86_64.rpm libsss_sudo-1.9.2-82.el6.x86_64.rpm sssd-1.9.2-82.el6.x86_64.rpm sssd-client-1.9.2-82.el6.i686.rpm sssd-client-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-tools-1.9.2-82.el6.i686.rpm x86_64: libipa_hbac-devel-1.9.2-82.el6.i686.rpm libipa_hbac-devel-1.9.2-82.el6.x86_64.rpm libsss_idmap-devel-1.9.2-82.el6.i686.rpm libsss_idmap-devel-1.9.2-82.el6.x86_64.rpm libsss_sudo-devel-1.9.2-82.el6.i686.rpm libsss_sudo-devel-1.9.2-82.el6.x86_64.rpm sssd-debuginfo-1.9.2-82.el6.i686.rpm sssd-debuginfo-1.9.2-82.el6.x86_64.rpm sssd-tools-1.9.2-82.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2013-0219 https://access.redhat.com/security/cve/CVE-2013-0220 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
====================================================================
Red Hat Security Advisory

Synopsis: Low: sssd security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0975-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0975.html
Issue date: 2011-07-21
CVE Names: CVE-2010-4341
====================================================================

1. Summary:

Updated sssd packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local attacker to force SSSD to enter an infinite loop via a carefully-crafted packet. With SSSD unresponsive, legitimate users could be denied the ability to log in to the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

These updated sssd packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about these changes:

https://access.redhat.com/search/ nical_Notes/sssd.html#RHSA-2011-0975

All sssd users are advised to upgrade to these updated sssd packages, which upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the bugs and add the enhancements noted in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

640601 - sssd is not escaping correctly LDAP searches
661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
675007 - sssd corrupts group cache
676027 - sssd segfault when first entry of ldap_uri is unreachable
678032 - Remove HBAC time rules from SSSD
678092 - SSSD in 5.6 can not locate HBAC rules from FreeIPAv2
678412 - name service caches names, so id command shows recently deleted users
678606 - User information not updated on login for secondary domains
678615 - SSSD needs to look at IPA's compat tree for netgroups
678778 - IPA provider does not update removed group memberships on initgroups
678780 - sssd crashes at the next tgt renewals it tries.
679087 - SSSD IPA provider should honor the krb5_realm option
679097 - Does not read renewable ccache at startup.
682803 - sssd-be segmentation fault - ipa-client on ipa-server
682808 - sssd_nss core dumps with certain lookups
682853 - IPA provider should use realm instead of ipa_domain for base DN
683260 - sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
688677 - Build SSSD in RHEL 5.7 against openldap24-libs
688694 - authconfig fails when access_provider is set as krb5 in sssd.conf.
688697 - sssd 1.5.1-9 breaks AD authentication
689887 - group memberships are not populated correctly during IPA provider initgroups
690093 - multiple problems with sssd + ldap (Active-Directory) and groups members.
690096 - SSSD should skip over groups with multiple names
690287 - Traceback messages seen while interrupting sss_obfuscate using ctrl+d.
690814 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
690867 - Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
691900 - SSSD needs to fall back to 'cn' for GECOS information (was: SSSD configuration problem when configured with MSAD)
692960 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
694149 - SSSD consumes GBs of RAM, possible memory leak
694853 - SSSD crashes during getent when anonymous bind is disabled.
695476 - Unable to resolve SRV record when called with _srv_, in ldap_uri
696979 - [REGRESSION] Filters not honoured against fully-qualified users.
701702 - sssd client libraries use select() but should use poll() instead
707340 - latest sssd fails if ldap_default_authtok_type is not mentioned
707574 - SSSD's async resolver only tries the first nameserver in /etc/resolv.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v.
5 client): Source: i386: sssd-1.5.1-37.el5.i386.rpm sssd-client-1.5.1-37.el5.i386.rpm sssd-debuginfo-1.5.1-37.el5.i386.rpm sssd-tools-1.5.1-37.el5.i386.rpm x86_64: sssd-1.5.1-37.el5.x86_64.rpm sssd-client-1.5.1-37.el5.i386.rpm sssd-client-1.5.1-37.el5.x86_64.rpm sssd-debuginfo-1.5.1-37.el5.i386.rpm sssd-debuginfo-1.5.1-37.el5.x86_64.rpm sssd-tools-1.5.1-37.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: sssd-1.5.1-37.el5.i386.rpm sssd-client-1.5.1-37.el5.i386.rpm sssd-debuginfo-1.5.1-37.el5.i386.rpm sssd-tools-1.5.1-37.el5.i386.rpm ia64: sssd-1.5.1-37.el5.ia64.rpm sssd-client-1.5.1-37.el5.i386.rpm sssd-client-1.5.1-37.el5.ia64.rpm sssd-debuginfo-1.5.1-37.el5.i386.rpm sssd-debuginfo-1.5.1-37.el5.ia64.rpm sssd-tools-1.5.1-37.el5.ia64.rpm ppc: sssd-1.5.1-37.el5.ppc.rpm sssd-client-1.5.1-37.el5.ppc.rpm sssd-client-1.5.1-37.el5.ppc64.rpm sssd-debuginfo-1.5.1-37.el5.ppc.rpm sssd-debuginfo-1.5.1-37.el5.ppc64.rpm sssd-tools-1.5.1-37.el5.ppc.rpm s390x: sssd-1.5.1-37.el5.s390x.rpm sssd-client-1.5.1-37.el5.s390.rpm sssd-client-1.5.1-37.el5.s390x.rpm sssd-debuginfo-1.5.1-37.el5.s390.rpm sssd-debuginfo-1.5.1-37.el5.s390x.rpm sssd-tools-1.5.1-37.el5.s390x.rpm x86_64: sssd-1.5.1-37.el5.x86_64.rpm sssd-client-1.5.1-37.el5.i386.rpm sssd-client-1.5.1-37.el5.x86_64.rpm sssd-debuginfo-1.5.1-37.el5.i386.rpm sssd-debuginfo-1.5.1-37.el5.x86_64.rpm sssd-tools-1.5.1-37.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-4341 https://access.redhat.com/security/updates/classification#low https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement https://access.redhat.com/search/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Low: sssd security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0560-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0560.html
Issue date: 2011-05-19
CVE Names: CVE-2010-4341
====================================================================

1. Summary:

Updated sssd packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local attacker to crash SSSD via a carefully-crafted packet. With SSSD unresponsive, legitimate users could be denied the ability to log in to the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section.

Users of SSSD should upgrade to these updated packages, which upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the bugs and add the enhancements noted in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

442680 - Better support for Kerberos ticket cache management
598501 - SSSD doesn't follow LDAP referrals when using non-anonymous bind
633406 - the krb5 locator plugin isn't packaged for multilib
633487 - SSSD initgroups does not behave as expected
640602 - sssd is not escaping correctly LDAP searches
644072 - Rebase SSSD to 1.5
645438 - NSS responder dies if DP dies during a request
645449 - 'getent passwd ' returns nothing if its uidNumber gt 2147483647.
647816 - Login screen freezes for more than 2mins when configured SSSD for proxy auth.
649286 - SSSD will sometimes lose groups from the cache
658158 - sssd stops on upgrade
659401 - SSSD shutdown sometimes hangs
660323 - Provide an option to specify DNS domain for service discovery
661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
667059 - nss client blocks when enumerating local domain after restart.
667326 - '-s' option in sss_obfuscate command is a bit redundant.
667349 - Obfuscated passwords can kill LDAP provider if OpenLDAP uses NSS.
670511 - SSSD and sftp-only jailed users with pubkey login
670763 - Missing primary group with simple access provider.
670804 - Nested groups are not unrolled during the first enumeration.
671478 - authconfig-tui/gtk removes "ldap_user_home_directory" from sssd.conf
674141 - Traceback call messages displayed while "sss_obfuscate" command is executed as a non-root user.
674164 - sss_obfuscate fails if there's no domain named "default".
674172 - Group members are not sanitized in nested group processing
674515 - -p option always uses empty string to obfuscate password.
675284 - "no matching rule" message logged on all successful requests.
676401 - Remove HBAC time rules from SSSD
676911 - SSSD attempts to use START_TLS over LDAPS for authentication
677318 - Does not read renewable ccache at startup.
677588 - sssd crashes at the next tgt renewals it tries.
678091 - SSSD in 6.0 can not locate HBAC rules from FreeIPAv2
678410 - name service caches names, so id command shows recently deleted users
678593 - User information not updated on login for secondary domains
678614 - SSSD needs to look at IPA's compat tree for netgroups
678777 - IPA provider does not update removed group memberships on initgroups
679082 - SSSD IPA provider should honor the krb5_realm option
680367 - sssd not thread-safe
682340 - sssd-be segmentation fault - ipa-client on ipa-server
682807 - sssd_nss core dumps with certain lookups
682850 - IPA provider should use realm instead of ipa_domain for base DN
683158 - multiple problems with sssd + ldap (Active-Directory) and groups members.
683255 - sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
683860 - sssd 1.5.1-9 breaks AD authentication
683885 - SSSD should skip over groups with multiple names
688491 - authconfig fails when access_provider is set as krb5 in sssd.conf.
689886 - group memberships are not populated correctly during IPA provider initgroups
690131 - Traceback messages seen while interrupting sss_obfuscate using ctrl+d.
690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
690866 - Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
691678 - SSSD needs to fall back to 'cn' for GECOS information (was: SSSD configuration problem when configured with MSAD)
692472 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
694146 - SSSD consumes GBs of RAM, possible memory leak
694444 - Unable to resolve SRV record when called with _srv_, in ldap_uri
694783 - SSSD crashes during getent when anonymous bind is disabled.
696972 - [REGRESSION] Filters not honoured against fully-qualified users.
701700 - sssd client libraries use select() but should use poll() instead

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6): Source: i386: sssd-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm x86_64: sssd-1.5.1-34.el6.x86_64.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.x86_64.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v.
6): Source: i386: sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-tools-1.5.1-34.el6.i686.rpm x86_64: sssd-debuginfo-1.5.1-34.el6.x86_64.rpm sssd-tools-1.5.1-34.el6.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: sssd-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm ppc64: sssd-1.5.1-34.el6.ppc64.rpm sssd-client-1.5.1-34.el6.ppc.rpm sssd-client-1.5.1-34.el6.ppc64.rpm sssd-debuginfo-1.5.1-34.el6.ppc.rpm sssd-debuginfo-1.5.1-34.el6.ppc64.rpm s390x: sssd-1.5.1-34.el6.s390x.rpm sssd-client-1.5.1-34.el6.s390.rpm sssd-client-1.5.1-34.el6.s390x.rpm sssd-debuginfo-1.5.1-34.el6.s390.rpm sssd-debuginfo-1.5.1-34.el6.s390x.rpm x86_64: sssd-1.5.1-34.el6.x86_64.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.x86_64.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-tools-1.5.1-34.el6.i686.rpm ppc64: sssd-debuginfo-1.5.1-34.el6.ppc64.rpm sssd-tools-1.5.1-34.el6.ppc64.rpm s390x: sssd-debuginfo-1.5.1-34.el6.s390x.rpm sssd-tools-1.5.1-34.el6.s390x.rpm x86_64: sssd-debuginfo-1.5.1-34.el6.x86_64.rpm sssd-tools-1.5.1-34.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: sssd-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm x86_64: sssd-1.5.1-34.el6.x86_64.rpm sssd-client-1.5.1-34.el6.i686.rpm sssd-client-1.5.1-34.el6.x86_64.rpm sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-debuginfo-1.5.1-34.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: sssd-debuginfo-1.5.1-34.el6.i686.rpm sssd-tools-1.5.1-34.el6.i686.rpm x86_64: sssd-debuginfo-1.5.1-34.el6.x86_64.rpm sssd-tools-1.5.1-34.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References: https://access.redhat.com/security/cve/CVE-2010-4341 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/search/ 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN1Qr+XlSAg2UNWIIRAitmAJ4/vnFA+RG6yosPlusnICXjY6ayygCfZRO7 +8USf94DNiwfiJq2wxiq3Rc=Onj8 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list