Description
Security update for sssd
This update for sssd fixes the following issues:
Security vulnerability fixed:
- CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759)
Other bug fixes and changes:
- Skip sdap_save_grpmem() if ignore_group_members is set. (bsc#1082568)
- Only search for primary group if it is not already cached (bsc#1082568)
- Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. Spec patch authored by Josef Cejka. (bsc#1039567)
- Fix a segfault in sudo provider (bsc#977224).
- Fix a segfault in sss_cache (bsc#976038).
Package list
SUSE Linux Enterprise Server 12-LTSS
libipa_hbac0-1.11.5.1-10.16.1
libsss_idmap0-1.11.5.1-10.16.1
libsss_sudo-1.11.5.1-10.16.1
python-sssd-config-1.11.5.1-10.16.1
sssd-1.11.5.1-10.16.1
sssd-32bit-1.11.5.1-10.16.1
sssd-ad-1.11.5.1-10.16.1
sssd-ipa-1.11.5.1-10.16.1
sssd-krb5-1.11.5.1-10.16.1
sssd-krb5-common-1.11.5.1-10.16.1
sssd-ldap-1.11.5.1-10.16.1
sssd-proxy-1.11.5.1-10.16.1
sssd-tools-1.11.5.1-10.16.1
References
- Link for SUSE-SU-2019:0552-1
- E-Mail link for SUSE-SU-2019:0552-1
- SUSE Security Ratings
- SUSE Bug 1039567
- SUSE Bug 1082568
- SUSE Bug 1121759
- SUSE Bug 976038
- SUSE Bug 977224
- SUSE CVE CVE-2019-3811 page
Description
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
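An added example, not part of the advisory or of sssd's code: a guard a service could apply to the home directory it gets from NSS before passing it to chroot(), refusing empty, relative and root-equivalent values such as the '/' described above. The function names are hypothetical, the sample paths are constructed, and the check is lexical only (symlinks are not resolved).

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if an absolute path lexically collapses to "/"
 * (e.g. "/", "//", "/.", "/home/.."). Symlinks are not resolved. */
static int resolves_to_root(const char *path)
{
    int depth = 0;
    const char *p = path;

    while (*p != '\0') {
        while (*p == '/')
            p++;                          /* skip repeated separators */
        size_t len = strcspn(p, "/");     /* length of next component */
        if (len == 0)
            break;
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth > 0)
                depth--;                  /* ".." at root stays at root */
        } else if (!(len == 1 && p[0] == '.')) {
            depth++;                      /* ordinary component */
        }
        p += len;
    }
    return depth == 0;
}

/* Hypothetical helper: 1 if pw_dir may be used as a chroot() target. */
int home_is_safe_jail(const char *pw_dir)
{
    if (pw_dir == NULL || pw_dir[0] != '/')
        return 0;                         /* unset, empty or relative */
    return !resolves_to_root(pw_dir);
}

int main(void)
{
    /* Constructed sample values, not taken from any real system. */
    const char *samples[] = { "/home/alice", "", "/", "//", "/home/.." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i][0] ? samples[i] : "(empty)",
               home_is_safe_jail(samples[i]) ? "ok" : "refuse chroot");
    return 0;
}
```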
Affected products
SUSE Linux Enterprise Server 12-LTSS:libipa_hbac0-1.11.5.1-10.16.1
SUSE Linux Enterprise Server 12-LTSS:libsss_idmap0-1.11.5.1-10.16.1
SUSE Linux Enterprise Server 12-LTSS:libsss_sudo-1.11.5.1-10.16.1
SUSE Linux Enterprise Server 12-LTSS:python-sssd-config-1.11.5.1-10.16.1
References
- CVE-2019-3811
- SUSE Bug 1121759