ELSA-2019-2177

Published: 13 Aug 2019
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2019-2177: sssd security, bug fix, and enhancement update (MODERATE)

[1.16.4-21]

  • Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization
  • Rebuild japanese gmo file explicitly

[1.16.4-20]

  • Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization

[1.16.4-19]

  • Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO

[1.16.4-18]

  • Resolves: rhbz#1710286 - The server error message is not returned if password change fails

[1.16.4-17]

  • Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly

[1.16.4-16]

  • Resolves: rhbz#1707759 - Error accessing files on samba share randomly

[1.16.4-15]

  • Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts

[1.16.4-14]

  • Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise

[1.16.4-12]

  • Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing.

[1.16.4-12]

  • Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)

[1.16.4-11]

  • Resolves: rhbz#1350012 - kinit / sssd kerberos fail over
  • Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin

[1.16.4-10]

  • Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable

[1.16.4-9]

  • Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup

[1.16.4-8]

  • Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out

[1.16.4-7]

  • Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts

[1.16.4-6]

  • Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though 'sudo -l' shows permissions to do so

[1.16.4-5]

  • Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider

[1.16.4-4]

  • Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD.
  • Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7]

[1.16.4-3]

  • Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache

[1.16.4-2]

  • Resolves: rhbz#1406678 - sssd service is starting before network service
  • Resolves: rhbz#1616853 - SSSD always boots in Offline mode

[1.16.4-1]

  • Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x

[1.16.2-17]

  • Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group

[1.16.2-16]

  • Resolves: rhbz#1602172 - SSSDs LDAP authentication provider does not work if ID provider is authenticated with GSSAPI

[1.16.2-15]

  • Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD

[1.16.2-14]

  • Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default

Updated packages

Oracle Linux 7

Oracle Linux aarch64

Package                  Version
libipa_hbac              1.16.4-21.el7
libipa_hbac-devel        1.16.4-21.el7
libsss_autofs            1.16.4-21.el7
libsss_certmap           1.16.4-21.el7
libsss_certmap-devel     1.16.4-21.el7
libsss_idmap             1.16.4-21.el7
libsss_idmap-devel       1.16.4-21.el7
libsss_nss_idmap         1.16.4-21.el7
libsss_nss_idmap-devel   1.16.4-21.el7
libsss_simpleifp         1.16.4-21.el7
libsss_simpleifp-devel   1.16.4-21.el7
libsss_sudo              1.16.4-21.el7
python-libipa_hbac       1.16.4-21.el7
python-libsss_nss_idmap  1.16.4-21.el7
python-sss               1.16.4-21.el7
python-sss-murmur        1.16.4-21.el7
python-sssdconfig        1.16.4-21.el7
sssd                     1.16.4-21.el7
sssd-ad                  1.16.4-21.el7
sssd-client              1.16.4-21.el7
sssd-common              1.16.4-21.el7
sssd-common-pac          1.16.4-21.el7
sssd-dbus                1.16.4-21.el7
sssd-ipa                 1.16.4-21.el7
sssd-kcm                 1.16.4-21.el7
sssd-krb5                1.16.4-21.el7
sssd-krb5-common         1.16.4-21.el7
sssd-ldap                1.16.4-21.el7
sssd-libwbclient         1.16.4-21.el7
sssd-libwbclient-devel   1.16.4-21.el7
sssd-polkit-rules        1.16.4-21.el7
sssd-proxy               1.16.4-21.el7
sssd-tools               1.16.4-21.el7
sssd-winbind-idmap       1.16.4-21.el7

Oracle Linux x86_64

Package                  Version
libipa_hbac              1.16.4-21.el7
libipa_hbac-devel        1.16.4-21.el7
libsss_autofs            1.16.4-21.el7
libsss_certmap           1.16.4-21.el7
libsss_certmap-devel     1.16.4-21.el7
libsss_idmap             1.16.4-21.el7
libsss_idmap-devel       1.16.4-21.el7
libsss_nss_idmap         1.16.4-21.el7
libsss_nss_idmap-devel   1.16.4-21.el7
libsss_simpleifp         1.16.4-21.el7
libsss_simpleifp-devel   1.16.4-21.el7
libsss_sudo              1.16.4-21.el7
python-libipa_hbac       1.16.4-21.el7
python-libsss_nss_idmap  1.16.4-21.el7
python-sss               1.16.4-21.el7
python-sss-murmur        1.16.4-21.el7
python-sssdconfig        1.16.4-21.el7
sssd                     1.16.4-21.el7
sssd-ad                  1.16.4-21.el7
sssd-client              1.16.4-21.el7
sssd-common              1.16.4-21.el7
sssd-common-pac          1.16.4-21.el7
sssd-dbus                1.16.4-21.el7
sssd-ipa                 1.16.4-21.el7
sssd-kcm                 1.16.4-21.el7
sssd-krb5                1.16.4-21.el7
sssd-krb5-common         1.16.4-21.el7
sssd-ldap                1.16.4-21.el7
sssd-libwbclient         1.16.4-21.el7
sssd-libwbclient-devel   1.16.4-21.el7
sssd-polkit-rules        1.16.4-21.el7
sssd-proxy               1.16.4-21.el7
sssd-tools               1.16.4-21.el7
sssd-winbind-idmap       1.16.4-21.el7

Related CVEs

Related vulnerabilities

CVSS3: 5.2
ubuntu
about 7 years ago

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

CVSS3: 4.1
redhat
about 7 years ago

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

CVSS3: 5.2
nvd
about 7 years ago

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

CVSS3: 5.2
debian
about 7 years ago

A vulnerability was found in sssd. If a user was configured with no ho ...

CVSS3: 5.4
ubuntu
almost 7 years ago

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.