SUSE-SU-2017:2937-1

Published: 06 Nov 2017
Source: suse-cvrf

Description

Security update for sssd

This update for sssd provides the following fixes:

Security issues fixed:

  • CVE-2017-12173: Fixed unsanitized input when searching in local cache database (bsc#1061832).

Non-security issues fixed:

  • Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. (bsc#1055123)
  • Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. (bsc#1039567)

Package list

SUSE Linux Enterprise Desktop 12 SP2
libipa_hbac0-1.13.4-34.7.1
libsss_idmap0-1.13.4-34.7.1
libsss_sudo-1.13.4-34.7.1
python-sssd-config-1.13.4-34.7.1
sssd-1.13.4-34.7.1
sssd-32bit-1.13.4-34.7.1
sssd-ad-1.13.4-34.7.1
sssd-ipa-1.13.4-34.7.1
sssd-krb5-1.13.4-34.7.1
sssd-krb5-common-1.13.4-34.7.1
sssd-ldap-1.13.4-34.7.1
sssd-proxy-1.13.4-34.7.1
sssd-tools-1.13.4-34.7.1
SUSE Linux Enterprise Desktop 12 SP3
libipa_hbac0-1.13.4-34.7.1
libsss_idmap0-1.13.4-34.7.1
libsss_nss_idmap0-1.13.4-34.7.1
libsss_sudo-1.13.4-34.7.1
python-sssd-config-1.13.4-34.7.1
sssd-1.13.4-34.7.1
sssd-32bit-1.13.4-34.7.1
sssd-ad-1.13.4-34.7.1
sssd-ipa-1.13.4-34.7.1
sssd-krb5-1.13.4-34.7.1
sssd-krb5-common-1.13.4-34.7.1
sssd-ldap-1.13.4-34.7.1
sssd-proxy-1.13.4-34.7.1
sssd-tools-1.13.4-34.7.1
SUSE Linux Enterprise Server 12 SP2
libipa_hbac0-1.13.4-34.7.1
libsss_idmap0-1.13.4-34.7.1
libsss_sudo-1.13.4-34.7.1
python-sssd-config-1.13.4-34.7.1
sssd-1.13.4-34.7.1
sssd-32bit-1.13.4-34.7.1
sssd-ad-1.13.4-34.7.1
sssd-ipa-1.13.4-34.7.1
sssd-krb5-1.13.4-34.7.1
sssd-krb5-common-1.13.4-34.7.1
sssd-ldap-1.13.4-34.7.1
sssd-proxy-1.13.4-34.7.1
sssd-tools-1.13.4-34.7.1
SUSE Linux Enterprise Server 12 SP3
libipa_hbac0-1.13.4-34.7.1
libsss_idmap0-1.13.4-34.7.1
libsss_nss_idmap0-1.13.4-34.7.1
libsss_sudo-1.13.4-34.7.1
python-sssd-config-1.13.4-34.7.1
sssd-1.13.4-34.7.1
sssd-32bit-1.13.4-34.7.1
sssd-ad-1.13.4-34.7.1
sssd-ipa-1.13.4-34.7.1
sssd-krb5-1.13.4-34.7.1
sssd-krb5-common-1.13.4-34.7.1
sssd-ldap-1.13.4-34.7.1
sssd-proxy-1.13.4-34.7.1
sssd-tools-1.13.4-34.7.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libipa_hbac0-1.13.4-34.7.1
libsss_idmap0-1.13.4-34.7.1
libsss_sudo-1.13.4-34.7.1
python-sssd-config-1.13.4-34.7.1
sssd-1.13.4-34.7.1
sssd-ad-1.13.4-34.7.1
sssd-ipa-1.13.4-34.7.1
sssd-krb5-1.13.4-34.7.1
sssd-krb5-common-1.13.4-34.7.1
sssd-ldap-1.13.4-34.7.1
sssd-proxy-1.13.4-34.7.1
sssd-tools-1.13.4-34.7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libipa_hbac0-1.13.4-34.7.1
libsss_idmap0-1.13.4-34.7.1
libsss_sudo-1.13.4-34.7.1
python-sssd-config-1.13.4-34.7.1
sssd-1.13.4-34.7.1
sssd-32bit-1.13.4-34.7.1
sssd-ad-1.13.4-34.7.1
sssd-ipa-1.13.4-34.7.1
sssd-krb5-1.13.4-34.7.1
sssd-krb5-common-1.13.4-34.7.1
sssd-ldap-1.13.4-34.7.1
sssd-proxy-1.13.4-34.7.1
sssd-tools-1.13.4-34.7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libipa_hbac0-1.13.4-34.7.1
libsss_idmap0-1.13.4-34.7.1
libsss_nss_idmap0-1.13.4-34.7.1
libsss_sudo-1.13.4-34.7.1
python-sssd-config-1.13.4-34.7.1
sssd-1.13.4-34.7.1
sssd-32bit-1.13.4-34.7.1
sssd-ad-1.13.4-34.7.1
sssd-ipa-1.13.4-34.7.1
sssd-krb5-1.13.4-34.7.1
sssd-krb5-common-1.13.4-34.7.1
sssd-ldap-1.13.4-34.7.1
sssd-proxy-1.13.4-34.7.1
sssd-tools-1.13.4-34.7.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libipa_hbac-devel-1.13.4-34.7.1
libsss_idmap-devel-1.13.4-34.7.1
libsss_nss_idmap-devel-1.13.4-34.7.1
libsss_nss_idmap0-1.13.4-34.7.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libipa_hbac-devel-1.13.4-34.7.1
libsss_idmap-devel-1.13.4-34.7.1
libsss_nss_idmap-devel-1.13.4-34.7.1

Description

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:libipa_hbac0-1.13.4-34.7.1
SUSE Linux Enterprise Desktop 12 SP2:libsss_idmap0-1.13.4-34.7.1
SUSE Linux Enterprise Desktop 12 SP2:libsss_sudo-1.13.4-34.7.1
SUSE Linux Enterprise Desktop 12 SP2:python-sssd-config-1.13.4-34.7.1

References
Vulnerability SUSE-SU-2017:2937-1