Description
ELSA-2017-3379: sssd security and bug fix update (MODERATE)
[1.15.2-50.8]
- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z]
- Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault in sssd_nss [rhel-7.4.z]
[1.15.2-50.7]
- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z]
- Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z]
- Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]
Updated packages
Oracle Linux 7
Oracle Linux aarch64
libipa_hbac 1.15.2-50.el7_4.8
libipa_hbac-devel 1.15.2-50.el7_4.8
libsss_autofs 1.15.2-50.el7_4.8
libsss_certmap 1.15.2-50.el7_4.8
libsss_certmap-devel 1.15.2-50.el7_4.8
libsss_idmap 1.15.2-50.el7_4.8
libsss_idmap-devel 1.15.2-50.el7_4.8
libsss_nss_idmap 1.15.2-50.el7_4.8
libsss_nss_idmap-devel 1.15.2-50.el7_4.8
libsss_simpleifp 1.15.2-50.el7_4.8
libsss_simpleifp-devel 1.15.2-50.el7_4.8
libsss_sudo 1.15.2-50.el7_4.8
python-libipa_hbac 1.15.2-50.el7_4.8
python-libsss_nss_idmap 1.15.2-50.el7_4.8
python-sss 1.15.2-50.el7_4.8
python-sss-murmur 1.15.2-50.el7_4.8
python-sssdconfig 1.15.2-50.el7_4.8
sssd 1.15.2-50.el7_4.8
sssd-ad 1.15.2-50.el7_4.8
sssd-client 1.15.2-50.el7_4.8
sssd-common 1.15.2-50.el7_4.8
sssd-common-pac 1.15.2-50.el7_4.8
sssd-dbus 1.15.2-50.el7_4.8
sssd-ipa 1.15.2-50.el7_4.8
sssd-kcm 1.15.2-50.el7_4.8
sssd-krb5 1.15.2-50.el7_4.8
sssd-krb5-common 1.15.2-50.el7_4.8
sssd-ldap 1.15.2-50.el7_4.8
sssd-libwbclient 1.15.2-50.el7_4.8
sssd-libwbclient-devel 1.15.2-50.el7_4.8
sssd-polkit-rules 1.15.2-50.el7_4.8
sssd-proxy 1.15.2-50.el7_4.8
sssd-tools 1.15.2-50.el7_4.8
sssd-winbind-idmap 1.15.2-50.el7_4.8
Oracle Linux x86_64
libipa_hbac 1.15.2-50.el7_4.8
libipa_hbac-devel 1.15.2-50.el7_4.8
libsss_autofs 1.15.2-50.el7_4.8
libsss_certmap 1.15.2-50.el7_4.8
libsss_certmap-devel 1.15.2-50.el7_4.8
libsss_idmap 1.15.2-50.el7_4.8
libsss_idmap-devel 1.15.2-50.el7_4.8
libsss_nss_idmap 1.15.2-50.el7_4.8
libsss_nss_idmap-devel 1.15.2-50.el7_4.8
libsss_simpleifp 1.15.2-50.el7_4.8
libsss_simpleifp-devel 1.15.2-50.el7_4.8
libsss_sudo 1.15.2-50.el7_4.8
python-libipa_hbac 1.15.2-50.el7_4.8
python-libsss_nss_idmap 1.15.2-50.el7_4.8
python-sss 1.15.2-50.el7_4.8
python-sss-murmur 1.15.2-50.el7_4.8
python-sssdconfig 1.15.2-50.el7_4.8
sssd 1.15.2-50.el7_4.8
sssd-ad 1.15.2-50.el7_4.8
sssd-client 1.15.2-50.el7_4.8
sssd-common 1.15.2-50.el7_4.8
sssd-common-pac 1.15.2-50.el7_4.8
sssd-dbus 1.15.2-50.el7_4.8
sssd-ipa 1.15.2-50.el7_4.8
sssd-kcm 1.15.2-50.el7_4.8
sssd-krb5 1.15.2-50.el7_4.8
sssd-krb5-common 1.15.2-50.el7_4.8
sssd-ldap 1.15.2-50.el7_4.8
sssd-libwbclient 1.15.2-50.el7_4.8
sssd-libwbclient-devel 1.15.2-50.el7_4.8
sssd-polkit-rules 1.15.2-50.el7_4.8
sssd-proxy 1.15.2-50.el7_4.8
sssd-tools 1.15.2-50.el7_4.8
sssd-winbind-idmap 1.15.2-50.el7_4.8
Related CVEs
Related vulnerabilities
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.