SUSE-SU-2019:1477-1

Опубликовано: 12 июн. 2019

Источник: suse-cvrf

Описание

Security update for sssd

This update for sssd fixes the following issues:

Security issue fixed:

CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194).

Non-security issue fixed:

Create directory to download and cache GPOs (bsc#1132879)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

libipa_hbac0-1.13.4-34.37.1

libsss_idmap0-1.13.4-34.37.1

libsss_nss_idmap0-1.13.4-34.37.1

libsss_sudo-1.13.4-34.37.1

python-sssd-config-1.13.4-34.37.1

sssd-1.13.4-34.37.1

sssd-ad-1.13.4-34.37.1

sssd-ipa-1.13.4-34.37.1

sssd-krb5-1.13.4-34.37.1

sssd-krb5-common-1.13.4-34.37.1

sssd-ldap-1.13.4-34.37.1

sssd-proxy-1.13.4-34.37.1

sssd-tools-1.13.4-34.37.1

SUSE Linux Enterprise Server 12 SP3

libipa_hbac0-1.13.4-34.37.1

libsss_idmap0-1.13.4-34.37.1

libsss_nss_idmap0-1.13.4-34.37.1

libsss_sudo-1.13.4-34.37.1

python-sssd-config-1.13.4-34.37.1

sssd-1.13.4-34.37.1

sssd-ad-1.13.4-34.37.1

sssd-ipa-1.13.4-34.37.1

sssd-krb5-1.13.4-34.37.1

sssd-krb5-common-1.13.4-34.37.1

sssd-ldap-1.13.4-34.37.1

sssd-proxy-1.13.4-34.37.1

sssd-tools-1.13.4-34.37.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libipa_hbac0-1.13.4-34.37.1

libsss_idmap0-1.13.4-34.37.1

libsss_nss_idmap0-1.13.4-34.37.1

libsss_sudo-1.13.4-34.37.1

python-sssd-config-1.13.4-34.37.1

sssd-1.13.4-34.37.1

sssd-ad-1.13.4-34.37.1

sssd-ipa-1.13.4-34.37.1

sssd-krb5-1.13.4-34.37.1

sssd-krb5-common-1.13.4-34.37.1

sssd-ldap-1.13.4-34.37.1

sssd-proxy-1.13.4-34.37.1

sssd-tools-1.13.4-34.37.1

SUSE Linux Enterprise Software Development Kit 12 SP3

libipa_hbac-devel-1.13.4-34.37.1

libsss_idmap-devel-1.13.4-34.37.1

libsss_nss_idmap-devel-1.13.4-34.37.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191477-1/
Link for SUSE-SU-2019:1477-1
https://lists.suse.com/pipermail/sle-security-updates/2019-June/005550.html
E-Mail link for SUSE-SU-2019:1477-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1124194
SUSE Bug 1124194
https://bugzilla.suse.com/1132879
SUSE Bug 1132879
https://www.suse.com/security/cve/CVE-2018-16838/
SUSE CVE CVE-2018-16838 page

Описание

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:libipa_hbac0-1.13.4-34.37.1

SUSE Linux Enterprise Desktop 12 SP3:libsss_idmap0-1.13.4-34.37.1

SUSE Linux Enterprise Desktop 12 SP3:libsss_nss_idmap0-1.13.4-34.37.1

SUSE Linux Enterprise Desktop 12 SP3:libsss_sudo-1.13.4-34.37.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16838.html
CVE-2018-16838
https://bugzilla.suse.com/1124194
SUSE Bug 1124194

SUSE-SU-2019:1477-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

Ссылки

Уязвимость: CVE-2018-16838

Описание

Затронутые продукты

Ссылки