openSUSE-SU-2019:0344-1

Published: 23 Mar 2019
Source: suse-cvrf

Description

Security update for sssd

This update for sssd fixes the following issues:

Security vulnerability addressed:

  • CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759)

Other bug fixes and changes:

  • Install logrotate configuration (bsc#1004220)
  • Align systemd service file with upstream, run interactive and change service type to notify (bsc#1120852)
  • Fix sssd not starting in foreground mode (bsc#1125277)
  • Strip whitespaces in netgroup triples (bsc#1087320)

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
adcli-0.8.2-lp150.4.1
adcli-doc-0.8.2-lp150.4.1
libipa_hbac-devel-1.16.1-lp150.2.9.1
libipa_hbac0-1.16.1-lp150.2.9.1
libnfsidmap-sss-1.16.1-lp150.2.9.1
libsss_certmap-devel-1.16.1-lp150.2.9.1
libsss_certmap0-1.16.1-lp150.2.9.1
libsss_idmap-devel-1.16.1-lp150.2.9.1
libsss_idmap0-1.16.1-lp150.2.9.1
libsss_nss_idmap-devel-1.16.1-lp150.2.9.1
libsss_nss_idmap0-1.16.1-lp150.2.9.1
libsss_simpleifp-devel-1.16.1-lp150.2.9.1
libsss_simpleifp0-1.16.1-lp150.2.9.1
python3-ipa_hbac-1.16.1-lp150.2.9.1
python3-sss-murmur-1.16.1-lp150.2.9.1
python3-sss_nss_idmap-1.16.1-lp150.2.9.1
python3-sssd-config-1.16.1-lp150.2.9.1
sssd-1.16.1-lp150.2.9.1
sssd-32bit-1.16.1-lp150.2.9.1
sssd-ad-1.16.1-lp150.2.9.1
sssd-dbus-1.16.1-lp150.2.9.1
sssd-ipa-1.16.1-lp150.2.9.1
sssd-krb5-1.16.1-lp150.2.9.1
sssd-krb5-common-1.16.1-lp150.2.9.1
sssd-ldap-1.16.1-lp150.2.9.1
sssd-proxy-1.16.1-lp150.2.9.1
sssd-tools-1.16.1-lp150.2.9.1
sssd-wbclient-1.16.1-lp150.2.9.1
sssd-wbclient-devel-1.16.1-lp150.2.9.1
sssd-winbind-idmap-1.16.1-lp150.2.9.1

Description

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
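
A check for the behaviour described above, as an added example that is not part of the advisory or of sssd: it reads passwd-format lines (for instance from `getent passwd`) and reports regular accounts whose home directory field is `/` or empty. The `MIN_UID` cutoff of 1000, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag passwd entries whose home directory is "/" or empty.
# Input format: name:passwd:uid:gid:gecos:home:shell (one entry per line).

# Assumed cutoff for regular (non-system) accounts; adjust to local policy.
MIN_UID="${MIN_UID:-1000}"

# Reads passwd-format lines on stdin and prints "name:uid:reason" per finding.
flag_root_homedir() {
    awk -F: -v min="$MIN_UID" '
        NF < 7            { next }   # skip malformed lines
        $3 !~ /^[0-9]+$/  { next }   # skip entries without a numeric UID
        $3 + 0 < min      { next }   # system accounts may use "/" on purpose
        # "/" is what the affected sssd returns for a user with no home set
        $6 == "/" { print $1 ":" $3 ":home-is-root"; next }
        # "" is the value the description gives as correct; still worth
        # reviewing for services that confine users to their home directory
        $6 == ""  { print $1 ":" $3 ":home-is-empty" }
    '
}

# Constructed sample entries (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/:/sbin/nologin
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
alice:*:10001:10001:Alice:/home/alice:/bin/bash
svc-ftp:*:10002:10001:FTP upload account:/:/bin/false
bob:*:10003:10001:Bob::/bin/bash
EOF
}

# Demo run on the constructed sample.
sample_passwd | flag_root_homedir
```

On a live host, pipe `getent passwd` into `flag_root_homedir`; because SSSD does not enumerate users by default, name the accounts to check explicitly, as in `getent passwd alice bob`.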


Affected products
openSUSE Leap 15.0:adcli-0.8.2-lp150.4.1
openSUSE Leap 15.0:adcli-doc-0.8.2-lp150.4.1
openSUSE Leap 15.0:libipa_hbac-devel-1.16.1-lp150.2.9.1
openSUSE Leap 15.0:libipa_hbac0-1.16.1-lp150.2.9.1
