ELSA-2018-3158

ELSA-2018-3158 - sssd security, bug fix, and enhancement update

Type:SECURITY
Severity:LOW
Release Date:2018-11-05

Description


[1.16.2-13]
- Resolves: rhbz#1593756 - sssd needs to require a newer version of
libtalloc and libtevent to avoid an issue
in GPO processing

[1.16.2-12]
- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key
- Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled

[1.16.2-11]
- Resolves: rhbz#1602781 - Local users failed to login with same password

[1.16.2-10]
- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped

[1.16.2-9]
- Resolves: rhbz#1522928 - sssd doesnt allow user with expired password

[1.16.2-8]
- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails

[1.16.2-7]
- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found

[1.16.2-6]
- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers

[1.16.2-5]
- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries
- Resolves: rhbz#1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet
- Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd

[1.16.2-4]
- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7]
- Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page

[1.16.2-3]
- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client
- Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5
- Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully
- Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed

[1.16.2-2]
- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch

[1.16.2-1]
- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch
- Resolves: rhbz#1523019 - Reset password with two factor authentication fails
- Resolves: rhbz#1534749 - Requesting an AD users private group and then the user itself returns an emty homedir
- Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view
- Resolves: rhbz#1537279 - Certificate is not removed from cache when its removed from the override
- Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified
- Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily
- Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute?
- Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used
- Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id
- Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal
- Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users
- Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set
- Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map
- Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.

[1.16.0-25]
- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process

[1.16.0-24]
- Related: rhbz#1578291 - Samba can not register sss idmap module because its using an outdated SMB_IDMAP_INTERFACE_VERSION

[1.16.0-23]
- Resolves: rhbz#1578291 - Samba can not register sss idmap module because its using an outdated SMB_IDMAP_INTERFACE_VERSION

[1.16.0-22]
- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed
- Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True'
- Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated)
- Resolves: rhbz#1547234 - SSSDs GPO code ignores ad_site option
- Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing
- Resolves: rhbz#1220767 - Group renaming issue when 'id_provider = ldap' is set
- Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]

[1.16.0-21]
- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache

[1.16.0-20]
- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash


Related CVEs


CVE-2018-10852

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) sssd-1.16.2-13.el7.src.rpm856674da8c332817e59f67ceb0fa3727ELBA-2021-0341
libipa_hbac-1.16.2-13.el7.aarch64.rpm0226b2341c50a6c51a4b8f2b73caa9d3ELBA-2021-0341
libipa_hbac-devel-1.16.2-13.el7.aarch64.rpmee393651572d153b84d76c3c9b1b5083ELBA-2021-0341
libsss_autofs-1.16.2-13.el7.aarch64.rpmcf8aae595cc7c539c6b9151302e0a3a1ELBA-2021-0341
libsss_certmap-1.16.2-13.el7.aarch64.rpm5166781084c9340a9c2caaad24d86347ELBA-2021-0341
libsss_certmap-devel-1.16.2-13.el7.aarch64.rpma3537b1cc9cee8bc9a7c9bd657394ae9ELBA-2021-0341
libsss_idmap-1.16.2-13.el7.aarch64.rpmc64ec5f7ca04ef72d27b67411939eed1ELBA-2021-0341
libsss_idmap-devel-1.16.2-13.el7.aarch64.rpme9bddf0a651567dab5689678102ddab1ELBA-2021-0341
libsss_nss_idmap-1.16.2-13.el7.aarch64.rpm94e4c06c20eea90233f3d9c6771481d5ELBA-2021-0341
libsss_nss_idmap-devel-1.16.2-13.el7.aarch64.rpm2aa16fa242dbfd1ad755e00a1285ed11ELBA-2021-0341
libsss_simpleifp-1.16.2-13.el7.aarch64.rpm5a7be873413da91c3c8038783bb0a743ELBA-2021-0341
libsss_simpleifp-devel-1.16.2-13.el7.aarch64.rpm4252a1c7a1c54fa5ec493cabd3af46e8ELBA-2021-0341
libsss_sudo-1.16.2-13.el7.aarch64.rpm0f7e93e44048c4ba8ae145780ba88cacELBA-2021-0341
python-libipa_hbac-1.16.2-13.el7.aarch64.rpmd08f873c8583750504dff5750d854158ELBA-2021-0341
python-libsss_nss_idmap-1.16.2-13.el7.aarch64.rpm1b8bef5bc8e1fc135359007f22982109ELBA-2021-0341
python-sss-1.16.2-13.el7.aarch64.rpm19207d501e7f01a766ec801323a08c15ELBA-2021-0341
python-sss-murmur-1.16.2-13.el7.aarch64.rpm48f321e13778c8f2ad9ff29522802b42ELBA-2021-0341
python-sssdconfig-1.16.2-13.el7.noarch.rpmab546aa5328922a7d689685ca593f376ELBA-2021-0341
sssd-1.16.2-13.el7.aarch64.rpm44153325fd26d4f2d3bae8f9c74be392ELBA-2021-0341
sssd-ad-1.16.2-13.el7.aarch64.rpmb3b31e1f84fbc7d40456e96d47b61b48ELBA-2021-0341
sssd-client-1.16.2-13.el7.aarch64.rpm2f9a4e1faa9b311ae27337a3263754a6ELBA-2021-0341
sssd-common-1.16.2-13.el7.aarch64.rpm1582ec92b98320a8548e4ea97d15c23dELBA-2021-0341
sssd-common-pac-1.16.2-13.el7.aarch64.rpmdd8765b97ee0fc9c4646890c4ca06540ELBA-2021-0341
sssd-dbus-1.16.2-13.el7.aarch64.rpmfc8d9fb7af2323c416400ccf2565bf5dELBA-2021-0341
sssd-ipa-1.16.2-13.el7.aarch64.rpmff34d1c5fde9dd9cb6ea151db145806bELBA-2021-0341
sssd-kcm-1.16.2-13.el7.aarch64.rpm99c9c151ca540f8caaee4cb6da32056cELBA-2021-0341
sssd-krb5-1.16.2-13.el7.aarch64.rpm94c9f490f0de0b21f317dcc6ee2997b8ELBA-2021-0341
sssd-krb5-common-1.16.2-13.el7.aarch64.rpm2e227041db9e6d0ed2a3c67471ee890aELBA-2021-0341
sssd-ldap-1.16.2-13.el7.aarch64.rpme6d7f914ae29fa30f90b37fc75a6ff01ELBA-2021-0341
sssd-libwbclient-1.16.2-13.el7.aarch64.rpm3aba9fa63dd24963fe63f4ce95aecf14ELBA-2021-0341
sssd-libwbclient-devel-1.16.2-13.el7.aarch64.rpmc8b1358ef4e8618a71a90800baadad97ELBA-2021-0341
sssd-polkit-rules-1.16.2-13.el7.aarch64.rpm00dcd97130efd902116b5ba27a19c7aeELBA-2021-0341
sssd-proxy-1.16.2-13.el7.aarch64.rpm5ede76677b4f5b66e53fedeb8927f513ELBA-2021-0341
sssd-tools-1.16.2-13.el7.aarch64.rpm2a27cb53f0296d46b430e07f4f4a839cELBA-2021-0341
sssd-winbind-idmap-1.16.2-13.el7.aarch64.rpm8815e6f2b4af6a20f0b091c626282e67ELBA-2021-0341
Oracle Linux 7 (x86_64) sssd-1.16.2-13.el7.src.rpm856674da8c332817e59f67ceb0fa3727ELBA-2021-0341
libipa_hbac-1.16.2-13.el7.i686.rpm7011264e9be54aaf30c2c8ee4e4c659bELBA-2021-0341
libipa_hbac-1.16.2-13.el7.x86_64.rpm50054ea15d4e11f008764d601ab21090ELBA-2021-0341
libipa_hbac-devel-1.16.2-13.el7.i686.rpmd203f948ad9919f8a48619d0f75892d8ELBA-2021-0341
libipa_hbac-devel-1.16.2-13.el7.x86_64.rpm8376ba80544bd085670b3cadb45002a8ELBA-2021-0341
libsss_autofs-1.16.2-13.el7.x86_64.rpmb2c5e77c5c2c7b4336bb2de7216b3269ELBA-2021-0341
libsss_certmap-1.16.2-13.el7.i686.rpm8bf8f1cde0523e98e66833710512ba2bELBA-2021-0341
libsss_certmap-1.16.2-13.el7.x86_64.rpm9da2381b0fb3bfb8ffd01f0800cfd157ELBA-2021-0341
libsss_certmap-devel-1.16.2-13.el7.i686.rpmbd850e44eb0c9e0cf90032583a4456a8ELBA-2021-0341
libsss_certmap-devel-1.16.2-13.el7.x86_64.rpma0c8da8eeaceeeaadd621ad6ee1b61dfELBA-2021-0341
libsss_idmap-1.16.2-13.el7.i686.rpm2a05af38cb912c90a6138120cc61831bELBA-2021-0341
libsss_idmap-1.16.2-13.el7.x86_64.rpmd95bcc54994ce7010cd980ff374515b0ELBA-2021-0341
libsss_idmap-devel-1.16.2-13.el7.i686.rpm277d52ebc1f1d707902e67cb36a0706dELBA-2021-0341
libsss_idmap-devel-1.16.2-13.el7.x86_64.rpm7d9395ced973438b38af5a3c1af0c16fELBA-2021-0341
libsss_nss_idmap-1.16.2-13.el7.i686.rpmd9cfc7a869e7b63ae980f15f853316c0ELBA-2021-0341
libsss_nss_idmap-1.16.2-13.el7.x86_64.rpmd0f701d85bd85f9fdd76ace0a3933bc2ELBA-2021-0341
libsss_nss_idmap-devel-1.16.2-13.el7.i686.rpmcc0f069643a808a058628dab402268e3ELBA-2021-0341
libsss_nss_idmap-devel-1.16.2-13.el7.x86_64.rpm921c8da4e3d6850140707962bda8fbe2ELBA-2021-0341
libsss_simpleifp-1.16.2-13.el7.i686.rpm020897d5c71bd795baf68f33ffb3dd2bELBA-2021-0341
libsss_simpleifp-1.16.2-13.el7.x86_64.rpme81798f0f58898ebc28cb961e4d31ee7ELBA-2021-0341
libsss_simpleifp-devel-1.16.2-13.el7.i686.rpm7da56ae45b1d2d3744e0ec038009f29fELBA-2021-0341
libsss_simpleifp-devel-1.16.2-13.el7.x86_64.rpm10ba0c0b48114c7a94620ad9642f5eb9ELBA-2021-0341
libsss_sudo-1.16.2-13.el7.x86_64.rpm38719efb17317ea4dcf2fe58afcacb28ELBA-2021-0341
python-libipa_hbac-1.16.2-13.el7.x86_64.rpme1d726c9653e68e83bbf99720af98f3bELBA-2021-0341
python-libsss_nss_idmap-1.16.2-13.el7.x86_64.rpme7511eea8ab2418f51481a91ba05b2d7ELBA-2021-0341
python-sss-1.16.2-13.el7.x86_64.rpm994f18532fd25cbfed628f814479b1c9ELBA-2021-0341
python-sss-murmur-1.16.2-13.el7.x86_64.rpm644ec38d10c58d4c29f2064985ca966aELBA-2021-0341
python-sssdconfig-1.16.2-13.el7.noarch.rpmab546aa5328922a7d689685ca593f376ELBA-2021-0341
sssd-1.16.2-13.el7.x86_64.rpm6f6f23d92855de3caf4fe6dd979122cdELBA-2021-0341
sssd-ad-1.16.2-13.el7.x86_64.rpm1fe89d6bbb281fa589d28e7f1c9876dbELBA-2021-0341
sssd-client-1.16.2-13.el7.i686.rpmdd28f4e898b14f31a0ff6b139741be29ELBA-2021-0341
sssd-client-1.16.2-13.el7.x86_64.rpm6a3a661e4b26d0a1c0dfb0d7c036d5daELBA-2021-0341
sssd-common-1.16.2-13.el7.x86_64.rpm180be4d19531f2c0a956db8ed656847cELBA-2021-0341
sssd-common-pac-1.16.2-13.el7.x86_64.rpmdfc76fab79b588613a5610e09ced4287ELBA-2021-0341
sssd-dbus-1.16.2-13.el7.x86_64.rpm4cffd57a5af72d0ba4c4ccf2e099603dELBA-2021-0341
sssd-ipa-1.16.2-13.el7.x86_64.rpmc946583b28d1eb30983f5a29cba8041bELBA-2021-0341
sssd-kcm-1.16.2-13.el7.x86_64.rpm71454950ff5414597e3be5afa52a40a1ELBA-2021-0341
sssd-krb5-1.16.2-13.el7.x86_64.rpmf2b64e5fe4fcb0b5c35102c174714c34ELBA-2021-0341
sssd-krb5-common-1.16.2-13.el7.x86_64.rpm1678f180d3998a8a575c5f032bb42a57ELBA-2021-0341
sssd-ldap-1.16.2-13.el7.x86_64.rpme10886ea52d3919fecfbde679815a5d2ELBA-2021-0341
sssd-libwbclient-1.16.2-13.el7.x86_64.rpmb1d2387eb7466d5e6358488c27f35621ELBA-2021-0341
sssd-libwbclient-devel-1.16.2-13.el7.i686.rpm3f2a7388fe683985a7aeecc42eacd520ELBA-2021-0341
sssd-libwbclient-devel-1.16.2-13.el7.x86_64.rpm091ddd2d964ef131bed50bf7421d741dELBA-2021-0341
sssd-polkit-rules-1.16.2-13.el7.x86_64.rpmba0d6b6c8a6ba6b95b4aad50865bb87dELBA-2021-0341
sssd-proxy-1.16.2-13.el7.x86_64.rpm226db9713b94b65efcceb2d002a25c03ELBA-2021-0341
sssd-tools-1.16.2-13.el7.x86_64.rpm34d08646e182d42bbd64b49cd8f186bdELBA-2021-0341
sssd-winbind-idmap-1.16.2-13.el7.x86_64.rpm330296e16a60bd63b3aee01db7e0ee03ELBA-2021-0341



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete