Description
Security update for sssd
This update for sssd provides the following fixes:
This security issue was fixed:
- CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377)
These non-security issues were fixed:
- Fix a segmentation fault in sss_cache command. (bsc#1072728)
- Fix a failure in autofs initialisation sequence upon system boot. (bsc#1010700)
- Fix race condition on boot between SSSD and autofs. (bsc#1010700)
- Fix a bug where file descriptors were not closed (bsc#1080156)
- Fix an issue where sssd logs were not rotated properly (bsc#1080156)
- Remove whitespaces from netgroup entries (bsc#1087320)
- Remove misleading log messages (bsc#1101877)
- exit() the forked process if exec()-ing a child process fails (bsc#1110299)
- Do not schedule the machine renewal task if adcli is not executable (bsc#1110299)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.3
libipa_hbac-devel-1.13.4-12.1
libipa_hbac0-1.13.4-12.1
libsss_idmap-devel-1.13.4-12.1
libsss_idmap0-1.13.4-12.1
libsss_nss_idmap-devel-1.13.4-12.1
libsss_nss_idmap0-1.13.4-12.1
libsss_sudo-1.13.4-12.1
python-ipa_hbac-1.13.4-12.1
python-sss_nss_idmap-1.13.4-12.1
python-sssd-config-1.13.4-12.1
sssd-1.13.4-12.1
sssd-32bit-1.13.4-12.1
sssd-ad-1.13.4-12.1
sssd-ipa-1.13.4-12.1
sssd-krb5-1.13.4-12.1
sssd-krb5-common-1.13.4-12.1
sssd-ldap-1.13.4-12.1
sssd-proxy-1.13.4-12.1
sssd-tools-1.13.4-12.1
References
- E-Mail link for openSUSE-SU-2019:0051-1
- SUSE Security Ratings
Description
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
Affected products
openSUSE Leap 42.3:libipa_hbac-devel-1.13.4-12.1
openSUSE Leap 42.3:libipa_hbac0-1.13.4-12.1
openSUSE Leap 42.3:libsss_idmap-devel-1.13.4-12.1
openSUSE Leap 42.3:libsss_idmap0-1.13.4-12.1
References
- CVE-2018-10852
- SUSE Bug 1098377