SUSE-SU-2019:0556-1

Published: 06 Mar 2019
Source: suse-cvrf

Description

Security update for sssd

This update for sssd fixes the following issues:

Security vulnerabilities addressed:

  • Fix fallback_homedir returning '/' for empty home directories (CVE-2019-3811) (bsc#1121759)
  • Create sockets with right permissions (bsc#1098377, CVE-2018-10852)

Other bug fixes and changes:

  • Install logrotate configuration (bsc#1004220)
  • Strip whitespaces in netgroup triples (bsc#1087320)
  • Align systemd service file with upstream
    • Run interactive and change service type to notify (bsc#1120852)
    • Replace deprecated '-f' and use '--logger'

Package list

SUSE Linux Enterprise Desktop 12 SP4
libipa_hbac0-1.16.1-4.3.2
libsss_certmap0-1.16.1-4.3.2
libsss_idmap0-1.16.1-4.3.2
libsss_nss_idmap0-1.16.1-4.3.2
libsss_simpleifp0-1.16.1-4.3.2
python-sssd-config-1.16.1-4.3.2
sssd-1.16.1-4.3.2
sssd-32bit-1.16.1-4.3.2
sssd-ad-1.16.1-4.3.2
sssd-ipa-1.16.1-4.3.2
sssd-krb5-1.16.1-4.3.2
sssd-krb5-common-1.16.1-4.3.2
sssd-ldap-1.16.1-4.3.2
sssd-proxy-1.16.1-4.3.2
sssd-tools-1.16.1-4.3.2
SUSE Linux Enterprise Server 12 SP4
libipa_hbac0-1.16.1-4.3.2
libsss_certmap0-1.16.1-4.3.2
libsss_idmap0-1.16.1-4.3.2
libsss_nss_idmap0-1.16.1-4.3.2
libsss_simpleifp0-1.16.1-4.3.2
python-sssd-config-1.16.1-4.3.2
sssd-1.16.1-4.3.2
sssd-32bit-1.16.1-4.3.2
sssd-ad-1.16.1-4.3.2
sssd-ipa-1.16.1-4.3.2
sssd-krb5-1.16.1-4.3.2
sssd-krb5-common-1.16.1-4.3.2
sssd-ldap-1.16.1-4.3.2
sssd-proxy-1.16.1-4.3.2
sssd-tools-1.16.1-4.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libipa_hbac0-1.16.1-4.3.2
libsss_certmap0-1.16.1-4.3.2
libsss_idmap0-1.16.1-4.3.2
libsss_nss_idmap0-1.16.1-4.3.2
libsss_simpleifp0-1.16.1-4.3.2
python-sssd-config-1.16.1-4.3.2
sssd-1.16.1-4.3.2
sssd-32bit-1.16.1-4.3.2
sssd-ad-1.16.1-4.3.2
sssd-ipa-1.16.1-4.3.2
sssd-krb5-1.16.1-4.3.2
sssd-krb5-common-1.16.1-4.3.2
sssd-ldap-1.16.1-4.3.2
sssd-proxy-1.16.1-4.3.2
sssd-tools-1.16.1-4.3.2
SUSE Linux Enterprise Software Development Kit 12 SP4
libipa_hbac-devel-1.16.1-4.3.2
libsss_idmap-devel-1.16.1-4.3.2
libsss_nss_idmap-devel-1.16.1-4.3.2

Description

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.


Affected products
SUSE Linux Enterprise Desktop 12 SP4:libipa_hbac0-1.16.1-4.3.2
SUSE Linux Enterprise Desktop 12 SP4:libsss_certmap0-1.16.1-4.3.2
SUSE Linux Enterprise Desktop 12 SP4:libsss_idmap0-1.16.1-4.3.2
SUSE Linux Enterprise Desktop 12 SP4:libsss_nss_idmap0-1.16.1-4.3.2


Description

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
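
An audit for the home-directory issue described above (CVE-2019-3811), as an added example that is not part of the advisory or of sssd: it reads passwd-format lines, such as the output of `getent passwd`, and flags non-root accounts whose home directory is '/' or empty, which are the accounts a chroot-to-home service has to refuse. The function names, the sample accounts and the decision to skip uid 0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose home directory is '/' or empty.
# Input format: name:passwd:uid:gid:gecos:home:shell (passwd(5)).

audit_homedirs() {
    awk -F: '
        NF < 7   { next }                       # skip malformed lines
        $3 == 0  { next }                       # assumption: uid 0 may legitimately use /
        $6 == "" { print $1 ":empty"; next }    # no home directory set
        {
            home = $6
            gsub(/\/+/, "/", home)              # collapse repeated slashes
            if (home == "/") print $1 ":root-dir"
        }
    '
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:*:10001:10001:Alice:/home/alice:/bin/bash
svc-sftp:*:10002:10002::/:/sbin/nologin
bob:*:10003:10003:Bob::/bin/bash
carol:*:10004:10004:Carol://:/bin/bash
EOF
}

# On a live host, replace sample_passwd with: getent passwd
sample_passwd | audit_homedirs
```

A `root-dir` result is the value an unpatched sssd reports for a user with no home directory set, so re-run the audit after installing the update and review any account still listed.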


Affected products
SUSE Linux Enterprise Desktop 12 SP4:libipa_hbac0-1.16.1-4.3.2
SUSE Linux Enterprise Desktop 12 SP4:libsss_certmap0-1.16.1-4.3.2
SUSE Linux Enterprise Desktop 12 SP4:libsss_idmap0-1.16.1-4.3.2
SUSE Linux Enterprise Desktop 12 SP4:libsss_nss_idmap0-1.16.1-4.3.2
