ELSA-2019-2177

ELSA-2019-2177 - sssd security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2019-08-13

Description


[1.16.4-21]
- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization
- Rebuild japanese gmo file explicitly

[1.16.4-20]
- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization

[1.16.4-19]
- Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO

[1.16.4-18]
- Resolves: rhbz#1710286 - The server error message is not returned if
password change fails

[1.16.4-17]
- Resolves: rhbz#1711832 - The files provider does not handle resetOffline
properly

[1.16.4-16]
- Resolves: rhbz#1707759 - Error accessing files on samba share randomly

[1.16.4-15]
- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains
/trusts

[1.16.4-14]
- Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled
and fails otherwise

[1.16.4-12]
- Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue
- This was partially fixed by the rebase, but one
spec file change was missing.

[1.16.4-12]
- Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)

[1.16.4-11]
- Resolves: rhbz#1350012 - kinit / sssd kerberos fail over
- Resolves: rhbz#720688 - [RFE] return multiple server addresses to the
Kerberos locator plugin

[1.16.4-10]
- Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable

[1.16.4-9]
- Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the
filter_users/groups lists on startup, this can
block the startup

[1.16.4-8]
- Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup
which might cause the registration to time out

[1.16.4-7]
- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover
subdomains / trusts

[1.16.4-6]
- Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA
Server, even though 'sudo -l' shows permissions
to do so

[1.16.4-5]
- Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private
groups for subdomains of an AD provider

[1.16.4-4]
- Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip
GPOs that have groupPolicyContainers, unreadable
by SSSD.
- Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of
GPOs due to too restrictive permissions [rhel-7]

[1.16.4-3]
- Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while
getting default ccache

[1.16.4-2]
- Resolves: rhbz#1406678 - sssd service is starting before network service
- Resolves: rhbz#1616853 - SSSD always boots in Offline mode

[1.16.4-1]
- Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x

[1.16.2-17]
- Resolves: rhbz#1603311 - Enable generating user private groups only for
users with uid == gid where gid does not
correspond to a real LDAP group

[1.16.2-16]
- Resolves: rhbz#1602172 - SSSDs LDAP authentication provider does not work
if ID provider is authenticated with GSSAPI

[1.16.2-15]
- Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD

[1.16.2-14]
- Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it
differs from the default


Related CVEs


CVE-2018-16838
CVE-2019-3811

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) sssd-1.16.4-21.el7.src.rpm7849d10fc41efa26c62372b64ecbc1a7-
libipa_hbac-1.16.4-21.el7.aarch64.rpmfa04244b9278973369a0c1a6de4565a4-
libipa_hbac-devel-1.16.4-21.el7.aarch64.rpm27f0348271bc3c5abcdc6e73fd5058fd-
libsss_autofs-1.16.4-21.el7.aarch64.rpm81468337472eb323e8a212d4ddbcc9a3-
libsss_certmap-1.16.4-21.el7.aarch64.rpm7d2f48b04440776bb15e18fde102f991-
libsss_certmap-devel-1.16.4-21.el7.aarch64.rpm084f0113f12d52a9d25fb44ebaae3372-
libsss_idmap-1.16.4-21.el7.aarch64.rpm4a367a3c496b9fb738b6ff7eee662cfd-
libsss_idmap-devel-1.16.4-21.el7.aarch64.rpmb212acbded1a5f51c89f2e0479ec5496-
libsss_nss_idmap-1.16.4-21.el7.aarch64.rpmf038d5d3f9c4e45c4a43742ae7ab5939-
libsss_nss_idmap-devel-1.16.4-21.el7.aarch64.rpmd477ca55268a8a18b6c9ff53cd62a23f-
libsss_simpleifp-1.16.4-21.el7.aarch64.rpmd031eb856d07c0afb7593fee16ac402d-
libsss_simpleifp-devel-1.16.4-21.el7.aarch64.rpm375884f5857f982d6e501069df2454e2-
libsss_sudo-1.16.4-21.el7.aarch64.rpm2a226dbee8e7414e7d494fa0c57872a4-
python-libipa_hbac-1.16.4-21.el7.aarch64.rpmc8dd902c44fb1a1910362c20fe7f2301-
python-libsss_nss_idmap-1.16.4-21.el7.aarch64.rpm9d7368c4f20d676677d7e730cb61810f-
python-sss-1.16.4-21.el7.aarch64.rpmc5224ff78fa94143890226ae712fab96-
python-sss-murmur-1.16.4-21.el7.aarch64.rpmb453c69a3d3daa7cffdab9412bc80044-
python-sssdconfig-1.16.4-21.el7.noarch.rpmbb267686d73d424d047d86b88a5414bf-
sssd-1.16.4-21.el7.aarch64.rpmfa1a2f6174eb3101a6ba62171ba4b0a5-
sssd-ad-1.16.4-21.el7.aarch64.rpmd387d994109085358f689da05128e2f0-
sssd-client-1.16.4-21.el7.aarch64.rpma88172bb1a7c84ce7d5437adf4e3ee5f-
sssd-common-1.16.4-21.el7.aarch64.rpm8afd35701304f52ba11e1571c4ed0023-
sssd-common-pac-1.16.4-21.el7.aarch64.rpmb3474e5e3b4376d56462b40e4fe1b171-
sssd-dbus-1.16.4-21.el7.aarch64.rpm4662b73f3ae8cc90f31518e56412a961-
sssd-ipa-1.16.4-21.el7.aarch64.rpm2eeebbf91aaac85aeeda0daae706cf3c-
sssd-kcm-1.16.4-21.el7.aarch64.rpm833af672977ea05d4875e983794b3b4e-
sssd-krb5-1.16.4-21.el7.aarch64.rpma606626f2056b851122510f1dbc5fb2b-
sssd-krb5-common-1.16.4-21.el7.aarch64.rpm191684102d7d2e78e5ad68a7e47806e7-
sssd-ldap-1.16.4-21.el7.aarch64.rpm9aed69af514890476828a0b5864be155-
sssd-libwbclient-1.16.4-21.el7.aarch64.rpm92c2cd3f054f32bd82513e4dc89d4c79-
sssd-libwbclient-devel-1.16.4-21.el7.aarch64.rpm8906d7cc73ca65190c9650ec075faec2-
sssd-polkit-rules-1.16.4-21.el7.aarch64.rpm76fbe2a4c54749ebd0daac89aabc91d7-
sssd-proxy-1.16.4-21.el7.aarch64.rpm2c20627d84fc58f851981328844e7629-
sssd-tools-1.16.4-21.el7.aarch64.rpm3aa4de9f5a9de00ef3c957d0269660ee-
sssd-winbind-idmap-1.16.4-21.el7.aarch64.rpm96f2207e041666497cd1d7d9e98084d5-
Oracle Linux 7 (x86_64) sssd-1.16.4-21.el7.src.rpm7849d10fc41efa26c62372b64ecbc1a7-
libipa_hbac-1.16.4-21.el7.i686.rpm0ab762e5c4e2b26e6cc3ddd8816a2f33-
libipa_hbac-1.16.4-21.el7.x86_64.rpmfccde55f070ee45c37f389d0957080a2-
libipa_hbac-devel-1.16.4-21.el7.i686.rpm7f5b89e068e3d1d1d7a2620024ca232b-
libipa_hbac-devel-1.16.4-21.el7.x86_64.rpm1735829d79d8e975e8458d9604b9870d-
libsss_autofs-1.16.4-21.el7.x86_64.rpm3aa155dcd33d0e312ace0bed1db2ecdd-
libsss_certmap-1.16.4-21.el7.i686.rpm87791a9ec2e909b2d576212bb21fb208-
libsss_certmap-1.16.4-21.el7.x86_64.rpm53d2fc1b9d8c617fc357943aa3b105a0-
libsss_certmap-devel-1.16.4-21.el7.i686.rpm7b35e02346da10b5b4c4c512a44ecc52-
libsss_certmap-devel-1.16.4-21.el7.x86_64.rpm07d480d3938ab044cf2c51e4db4557b4-
libsss_idmap-1.16.4-21.el7.i686.rpm1968e52c26273aed74848ce08ca7aa0e-
libsss_idmap-1.16.4-21.el7.x86_64.rpm9cffb6ca1909c94575d88e98b201ed04-
libsss_idmap-devel-1.16.4-21.el7.i686.rpm53c49d4ec652fd9006f902769254bc9a-
libsss_idmap-devel-1.16.4-21.el7.x86_64.rpmaf86e97e7d10d4677611deb23c01da41-
libsss_nss_idmap-1.16.4-21.el7.i686.rpm9c0dc891a71ae09ac6f8f3d31f860296-
libsss_nss_idmap-1.16.4-21.el7.x86_64.rpmaa0d582a22a9e3d5708d02cc7b552c73-
libsss_nss_idmap-devel-1.16.4-21.el7.i686.rpm4b6ed1890eb9291ffb4f87b33186908d-
libsss_nss_idmap-devel-1.16.4-21.el7.x86_64.rpma3690d46496e795c5e69b32a582855ab-
libsss_simpleifp-1.16.4-21.el7.i686.rpm269f6b1ed2cd74214db19c75cbabdeea-
libsss_simpleifp-1.16.4-21.el7.x86_64.rpm659a30911464d539d1ba79d064504f95-
libsss_simpleifp-devel-1.16.4-21.el7.i686.rpm0ee2939278462fec127846885eb08139-
libsss_simpleifp-devel-1.16.4-21.el7.x86_64.rpm6801cc629678c5cd57f4f3c5082e277e-
libsss_sudo-1.16.4-21.el7.x86_64.rpmb35e4ed3b07c73fca382c89db128dbcb-
python-libipa_hbac-1.16.4-21.el7.x86_64.rpm3f023809774f36c6ca22d7a8b062336f-
python-libsss_nss_idmap-1.16.4-21.el7.x86_64.rpmd6cad56f27de408711a06aac40084ea8-
python-sss-1.16.4-21.el7.x86_64.rpm18b45a3ed0e9ebf12563d0fa0dc2ebac-
python-sss-murmur-1.16.4-21.el7.x86_64.rpm21c4d6b1de9fff247dc5c1b4ddb1e6c0-
python-sssdconfig-1.16.4-21.el7.noarch.rpmbb267686d73d424d047d86b88a5414bf-
sssd-1.16.4-21.el7.x86_64.rpm2c4d1f57eb521209c35e7c1e6705c648-
sssd-ad-1.16.4-21.el7.x86_64.rpm996c16f4db9fa9b4dee258692088efbd-
sssd-client-1.16.4-21.el7.i686.rpm3db18272c5462805e50adf329013e505-
sssd-client-1.16.4-21.el7.x86_64.rpm4f1a83935b04ee4555e6eba34df5ce0e-
sssd-common-1.16.4-21.el7.x86_64.rpmb49d94017513fe38f267e7816cdc6ef3-
sssd-common-pac-1.16.4-21.el7.x86_64.rpmd266a3eade2c923991c5d38746b94af7-
sssd-dbus-1.16.4-21.el7.x86_64.rpm8ec458fa532b0d9c4453ddbde571138c-
sssd-ipa-1.16.4-21.el7.x86_64.rpmb4637bcecd197b7f6049d34a06674707-
sssd-kcm-1.16.4-21.el7.x86_64.rpm96e05e7081a4d8d698acfba1697eec48-
sssd-krb5-1.16.4-21.el7.x86_64.rpmd29eb9ef7a7ca14f945d80a4454d8786-
sssd-krb5-common-1.16.4-21.el7.x86_64.rpm6db3b1b881cc6d62f66cd27ac7e0001b-
sssd-ldap-1.16.4-21.el7.x86_64.rpmf8e3c18192176e00d1bfd3773e9cae8a-
sssd-libwbclient-1.16.4-21.el7.x86_64.rpm2fc83c56f56e8689a6d6d486e5755862-
sssd-libwbclient-devel-1.16.4-21.el7.i686.rpmae7422a19131352a2cf3001e78e04d6f-
sssd-libwbclient-devel-1.16.4-21.el7.x86_64.rpm12e840a56024d8b4fa68330da4eed708-
sssd-polkit-rules-1.16.4-21.el7.x86_64.rpmae672eb238be63213ff134ea9fe4e77f-
sssd-proxy-1.16.4-21.el7.x86_64.rpm3a1e3a1cbe47a1e139b9c368bff98239-
sssd-tools-1.16.4-21.el7.x86_64.rpm3db254eb68187cc5a819341cd76ed2ba-
sssd-winbind-idmap-1.16.4-21.el7.x86_64.rpm85133424a3b6002620789fb936b12c21-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete