openSUSE-SU-2017:2942-1

Published: 07 Nov 2017
Source: suse-cvrf

Description

Security update for sssd

This update for sssd provides the following fixes:

Security issues fixed:

  • CVE-2017-12173: Fixed unsanitized input when searching in local cache database (bsc#1061832).

Non security issues fixed:

  • Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. (bsc#1055123)
  • Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. (bsc#1039567)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Package list

openSUSE Leap 42.2
libipa_hbac-devel-1.13.4-9.1
libipa_hbac0-1.13.4-9.1
libsss_idmap-devel-1.13.4-9.1
libsss_idmap0-1.13.4-9.1
libsss_nss_idmap-devel-1.13.4-9.1
libsss_nss_idmap0-1.13.4-9.1
libsss_sudo-1.13.4-9.1
python-ipa_hbac-1.13.4-9.1
python-sss_nss_idmap-1.13.4-9.1
python-sssd-config-1.13.4-9.1
sssd-1.13.4-9.1
sssd-32bit-1.13.4-9.1
sssd-ad-1.13.4-9.1
sssd-ipa-1.13.4-9.1
sssd-krb5-1.13.4-9.1
sssd-krb5-common-1.13.4-9.1
sssd-ldap-1.13.4-9.1
sssd-proxy-1.13.4-9.1
sssd-tools-1.13.4-9.1
openSUSE Leap 42.3
libipa_hbac-devel-1.13.4-9.1
libipa_hbac0-1.13.4-9.1
libsss_idmap-devel-1.13.4-9.1
libsss_idmap0-1.13.4-9.1
libsss_nss_idmap-devel-1.13.4-9.1
libsss_nss_idmap0-1.13.4-9.1
libsss_sudo-1.13.4-9.1
python-ipa_hbac-1.13.4-9.1
python-sss_nss_idmap-1.13.4-9.1
python-sssd-config-1.13.4-9.1
sssd-1.13.4-9.1
sssd-32bit-1.13.4-9.1
sssd-ad-1.13.4-9.1
sssd-ipa-1.13.4-9.1
sssd-krb5-1.13.4-9.1
sssd-krb5-common-1.13.4-9.1
sssd-ldap-1.13.4-9.1
sssd-proxy-1.13.4-9.1
sssd-tools-1.13.4-9.1

Description

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.


Affected products
openSUSE Leap 42.2:libipa_hbac-devel-1.13.4-9.1
openSUSE Leap 42.2:libipa_hbac0-1.13.4-9.1
openSUSE Leap 42.2:libsss_idmap-devel-1.13.4-9.1
openSUSE Leap 42.2:libsss_idmap0-1.13.4-9.1

References