ELSA-2011-0975

Опубликовано: 31 июл. 2011

Источник: oracle-oval

Платформа: Oracle Linux 5

Описание

ELSA-2011-0975: sssd security, bug fix, and enhancement update (LOW)

[1.5.1-37]

Reverts: rhbz#680443 - Dynamic DNS update fails if multiple servers are
given in ipa_server config option

[1.5.1-36]

Resolves: rhbz#709333 - sssd. should require sssd-client.

[1.5.1-35]

Resolves: rhbz#707340 - latest sssd fails if ldap_default_authtok_type is
not mentioned
Resolves: rhbz#707574 - SSSD's async resolver only tries the first
nameserver in /etc/resolv.conf

[1.5.1-34]

Resolves: rhbz#701702 - sssd client libraries use select() but should use
poll() instead

[1.5.1-33]

Related: rhbz#700858 - Automatic TGT renewal overwrites cached password
Fix segfault in TGT renewal

[1.5.1-32]

Resolves: rhbz#700858 - Automatic TGT renewal overwrites cached password

[1.5.1-30]

Resolves: rhbz#696979 - Filters not honoured against fully-qualified users

[1.5.1-29]

Resolves: rhbz#694149 - SSSD consumes GBs of RAM, possible memory leak

[1.5.1-28]

Related: rhbz#691900 - SSSD needs to fall back to 'cn' for GECOS
information

[1.5.1-27]

Related: rhbz#694853 - SSSD crashes during getent when anonymous bind is
disabled

[1.5.1-26]

Resolves: rhbz#695476 - Unable to resolve SRV record when called with [in ldap_uri]
Related: rhbz#694853 - SSSD crashes during getent when anonymous bind is
disabled

[1.5.1-25]

Resolves: rhbz#694853 - SSSD crashes during getent when anonymous bind is
disabled

[1.5.1-24]

Resolves: rhbz#692960 - Process /usr/libexec/sssd/sssd_be was killed by
signal 11 (SIGSEGV)
Fix is to not attempt to resolve nameless servers

[1.5.1-23]

Resolves: rhbz#691900 - SSSD needs to fall back to 'cn' for GECOS
information

[1.5.1-21]

Resolves: rhbz#690867 - Groups with a zero-length memberuid attribute can
cause SSSD to stop caching and responding to
requests

[1.5.1-20]

Resolves: rhbz#690287 - Traceback messages seen while interrupting
sss_obfuscate using ctrl+d
Resolves: rhbz#690814 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process
/usr/libexec/sssd/sssd_be was killed by signal 11
(SIGSEGV)

[1.5.1-19]

Related: rhbz#690096 - SSSD should skip over groups with multiple names

[1.5.1-18]

Resolves: rhbz#690093 - SSSD breaks on RDNs with a comma in them
Resolves: rhbz#690096 - SSSD should skip over groups with multiple names
Resolves: rhbz#689887 - group memberships are not populated correctly during
IPA provider initgroups
Resolves: rhbz#688697 - Skip users and groups that have incomplete contents
Resolves: rhbz#688694 - authconfig fails when access_provider is set as krb5
in sssd.conf

[1.5.1-17]

Resolves: rhbz#688677 - Build SSSD in RHEL 5.7 against openldap24-libs
Adds support for following LDAP referrals and using Mozilla NSS for crypto
support

[1.5.1-16]

Resolves: rhbz#683260 - sudo/ldap lookup via sssd gets stuck for 5min
waiting on netgroup
Resolves: rhbz#683585 - sssd consumes 100% CPU
Related: rhbz#680441 - sssd does not handle kerberos server IP change

[1.5.1-15]

Related: rhbz#680441 - sssd does not handle kerberos server IP change
SSSD was staying with the old server if it was still online

[1.5.1-14]

Resolves: rhbz#682853 - IPA provider should use realm instead of ipa_domain
for base DN

[1.5.1-13]

Resolves: rhbz#682803 - sssd-be segmentation fault - ipa-client on
ipa-server
Resolves: rhbz#680441 - sssd does not handle kerberos server IP change
Resolves: rhbz#680443 - Dynamic DNS update fails if multiple servers are
given in ipa_server config option
Resolves: rhbz#680933 - Do not delete sysdb memberOf if there is no memberOf
attribute on the server
Resolves: rhbz#682808 - sssd_nss core dumps with certain lookups

[1.5.1-12]

Related: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
Related: rhbz#678615 - SSSD needs to look at IPA's compat tree for netgroups

[1.5.1-11]

Resolves: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
Resolves: rhbz#679097 - Does not read renewable ccache at startup

[1.5.1-10]

Resolves: rhbz#678606 - User information not updated on login for secondary
domains
Resolves: rhbz#678778 - IPA provider does not update removed group
memberships on initgroups

[1.5.1-9]

Resolves: rhbz#678780 - sssd crashes at the next tgt renewals it tries
Resolves: rhbz#678412 - name service caches names, so id command shows
recently deleted users
Resolves: rhbz#678615 - SSSD needs to look at IPA's compat tree for
netgroups

[1.5.1-8]

Related: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
Fix generation of translated manpages

[1.5.1-7]

Resolves: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
Resolves: rhbz#676027 - sssd segfault when first entry of ldap_uri is
unreachable
Resolves: rhbz#678032 - Remove HBAC time rules from SSSD
Resolves: rhbz#675007 - sssd corrupts group cache
Resolves: rhbz#608864 - [RFE] Support obfuscated passwords in the SSSD
configuration

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

sssd

1.5.1-37.el5

sssd-client

1.5.1-37.el5

sssd-tools

1.5.1-37.el5

Oracle Linux x86_64

sssd

1.5.1-37.el5

sssd-client

1.5.1-37.el5

sssd-tools

1.5.1-37.el5

Oracle Linux i386

sssd

1.5.1-37.el5

sssd-client

1.5.1-37.el5

sssd-tools

1.5.1-37.el5

Связанные CVE

CVE-2010-4341

Ссылки на источники

Связанные уязвимости

CVE-2010-4341

ubuntu

больше 14 лет назад

The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.

CVE-2010-4341

redhat

больше 14 лет назад

CVE-2010-4341

nvd

больше 14 лет назад

CVE-2010-4341

debian

больше 14 лет назад

The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...

GHSA-qfqv-cr9x-27pg

github

около 3 лет назад