Description
Security update for sssd
This update for sssd provides the following fixes:
This security issue was fixed:
- CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377)
These non-security issues were fixed:
- Fix a segmentation fault in sss_cache command. (bsc#1072728)
- Fix a failure in autofs initialisation sequence upon system boot. (bsc#1010700)
- Fix race condition on boot between SSSD and autofs. (bsc#1010700)
- Fix a bug where file descriptors were not closed (bsc#1080156)
- Fix an issue where sssd logs were not rotated properly (bsc#1080156)
- Remove whitespaces from netgroup entries (bsc#1087320)
- Remove misleading log messages (bsc#1101877)
- exit() the forked process if exec()-ing a child process fails (bsc#1110299)
- Do not schedule the machine renewal task if adcli is not executable (bsc#1110299)
Package list
SUSE Enterprise Storage 4
libipa_hbac0-1.13.4-34.23.1
libsss_idmap0-1.13.4-34.23.1
libsss_sudo-1.13.4-34.23.1
python-sssd-config-1.13.4-34.23.1
sssd-1.13.4-34.23.1
sssd-32bit-1.13.4-34.23.1
sssd-ad-1.13.4-34.23.1
sssd-ipa-1.13.4-34.23.1
sssd-krb5-1.13.4-34.23.1
sssd-krb5-common-1.13.4-34.23.1
sssd-ldap-1.13.4-34.23.1
sssd-proxy-1.13.4-34.23.1
sssd-tools-1.13.4-34.23.1
SUSE Linux Enterprise Desktop 12 SP3
libipa_hbac0-1.13.4-34.23.1
libsss_idmap0-1.13.4-34.23.1
libsss_nss_idmap0-1.13.4-34.23.1
libsss_sudo-1.13.4-34.23.1
python-sssd-config-1.13.4-34.23.1
sssd-1.13.4-34.23.1
sssd-32bit-1.13.4-34.23.1
sssd-ad-1.13.4-34.23.1
sssd-ipa-1.13.4-34.23.1
sssd-krb5-1.13.4-34.23.1
sssd-krb5-common-1.13.4-34.23.1
sssd-ldap-1.13.4-34.23.1
sssd-proxy-1.13.4-34.23.1
sssd-tools-1.13.4-34.23.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libipa_hbac0-1.13.4-34.23.1
libsss_idmap0-1.13.4-34.23.1
libsss_sudo-1.13.4-34.23.1
python-sssd-config-1.13.4-34.23.1
sssd-1.13.4-34.23.1
sssd-32bit-1.13.4-34.23.1
sssd-ad-1.13.4-34.23.1
sssd-ipa-1.13.4-34.23.1
sssd-krb5-1.13.4-34.23.1
sssd-krb5-common-1.13.4-34.23.1
sssd-ldap-1.13.4-34.23.1
sssd-proxy-1.13.4-34.23.1
sssd-tools-1.13.4-34.23.1
SUSE Linux Enterprise Server 12 SP3
libipa_hbac0-1.13.4-34.23.1
libsss_idmap0-1.13.4-34.23.1
libsss_nss_idmap0-1.13.4-34.23.1
libsss_sudo-1.13.4-34.23.1
python-sssd-config-1.13.4-34.23.1
sssd-1.13.4-34.23.1
sssd-32bit-1.13.4-34.23.1
sssd-ad-1.13.4-34.23.1
sssd-ipa-1.13.4-34.23.1
sssd-krb5-1.13.4-34.23.1
sssd-krb5-common-1.13.4-34.23.1
sssd-ldap-1.13.4-34.23.1
sssd-proxy-1.13.4-34.23.1
sssd-tools-1.13.4-34.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libipa_hbac0-1.13.4-34.23.1
libsss_idmap0-1.13.4-34.23.1
libsss_sudo-1.13.4-34.23.1
python-sssd-config-1.13.4-34.23.1
sssd-1.13.4-34.23.1
sssd-32bit-1.13.4-34.23.1
sssd-ad-1.13.4-34.23.1
sssd-ipa-1.13.4-34.23.1
sssd-krb5-1.13.4-34.23.1
sssd-krb5-common-1.13.4-34.23.1
sssd-ldap-1.13.4-34.23.1
sssd-proxy-1.13.4-34.23.1
sssd-tools-1.13.4-34.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libipa_hbac0-1.13.4-34.23.1
libsss_idmap0-1.13.4-34.23.1
libsss_nss_idmap0-1.13.4-34.23.1
libsss_sudo-1.13.4-34.23.1
python-sssd-config-1.13.4-34.23.1
sssd-1.13.4-34.23.1
sssd-32bit-1.13.4-34.23.1
sssd-ad-1.13.4-34.23.1
sssd-ipa-1.13.4-34.23.1
sssd-krb5-1.13.4-34.23.1
sssd-krb5-common-1.13.4-34.23.1
sssd-ldap-1.13.4-34.23.1
sssd-proxy-1.13.4-34.23.1
sssd-tools-1.13.4-34.23.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libipa_hbac-devel-1.13.4-34.23.1
libsss_idmap-devel-1.13.4-34.23.1
libsss_nss_idmap-devel-1.13.4-34.23.1
SUSE OpenStack Cloud 7
libipa_hbac0-1.13.4-34.23.1
libsss_idmap0-1.13.4-34.23.1
libsss_sudo-1.13.4-34.23.1
python-sssd-config-1.13.4-34.23.1
sssd-1.13.4-34.23.1
sssd-32bit-1.13.4-34.23.1
sssd-ad-1.13.4-34.23.1
sssd-ipa-1.13.4-34.23.1
sssd-krb5-1.13.4-34.23.1
sssd-krb5-common-1.13.4-34.23.1
sssd-ldap-1.13.4-34.23.1
sssd-proxy-1.13.4-34.23.1
sssd-tools-1.13.4-34.23.1
References
- Link for SUSE-SU-2019:0081-1
- E-Mail link for SUSE-SU-2019:0081-1
- SUSE Security Ratings
- SUSE Bug 1010700
- SUSE Bug 1072728
- SUSE Bug 1080156
- SUSE Bug 1087320
- SUSE Bug 1098377
- SUSE Bug 1101877
- SUSE Bug 1110299
- SUSE CVE CVE-2018-10852 page
Description
The UNIX pipe that sudo uses to contact SSSD and read the available sudo rules has overly broad permissions, so anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
Affected products
SUSE Enterprise Storage 4:libipa_hbac0-1.13.4-34.23.1
SUSE Enterprise Storage 4:libsss_idmap0-1.13.4-34.23.1
SUSE Enterprise Storage 4:libsss_sudo-1.13.4-34.23.1
SUSE Enterprise Storage 4:python-sssd-config-1.13.4-34.23.1
References
- CVE-2018-10852
- SUSE Bug 1098377