Security update for sssd

Announcement ID:	SUSE-SU-2019:0542-1
Rating:	moderate
References:	bsc#1004220 bsc#1087320 bsc#1120852 bsc#1121759 bsc#1125277
Cross-References:	CVE-2019-3811
CVSS scores:	CVE-2019-3811 ( SUSE ): 4.1 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVE-2019-3811 ( NVD ): 5.2 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2019-3811 ( NVD ): 4.1 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Affected Products:	Basesystem Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that solves one vulnerability and has four security fixes can now be installed.

Description:

This update for sssd fixes the following issues:

Security vulnerability addresed:

• CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759)

Other bug fixes and changes:

• Install logrotate configuration (bsc#1004220)
• Align systemd service file with upstream, run interactive and change service type to notify (bsc#1120852)
• Fix sssd not starting in foreground mode (bsc#1125277)
• Strip whitespaces in netgroup triples (bsc#1087320)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-542=1

Package List:

• Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
  • sssd-wbclient-devel-1.16.1-3.15.1
  • libsss_idmap-devel-1.16.1-3.15.1
  • sssd-ldap-debuginfo-1.16.1-3.15.1
  • sssd-debugsource-1.16.1-3.15.1
  • libsss_idmap0-1.16.1-3.15.1
  • python3-sssd-config-1.16.1-3.15.1
  • sssd-ipa-1.16.1-3.15.1
  • libsss_certmap-devel-1.16.1-3.15.1
  • sssd-proxy-1.16.1-3.15.1
  • libsss_simpleifp-devel-1.16.1-3.15.1
  • libsss_simpleifp0-1.16.1-3.15.1
  • sssd-krb5-debuginfo-1.16.1-3.15.1
  • libsss_nss_idmap-devel-1.16.1-3.15.1
  • sssd-dbus-debuginfo-1.16.1-3.15.1
  • libsss_nss_idmap0-debuginfo-1.16.1-3.15.1
  • sssd-ad-1.16.1-3.15.1
  • libsss_certmap0-1.16.1-3.15.1
  • libsss_certmap0-debuginfo-1.16.1-3.15.1
  • libipa_hbac-devel-1.16.1-3.15.1
  • sssd-ad-debuginfo-1.16.1-3.15.1
  • libipa_hbac0-debuginfo-1.16.1-3.15.1
  • sssd-debuginfo-1.16.1-3.15.1
  • libsss_simpleifp0-debuginfo-1.16.1-3.15.1
  • sssd-1.16.1-3.15.1
  • sssd-krb5-common-1.16.1-3.15.1
  • libsss_nss_idmap0-1.16.1-3.15.1
  • libipa_hbac0-1.16.1-3.15.1
  • sssd-ldap-1.16.1-3.15.1
  • sssd-wbclient-1.16.1-3.15.1
  • sssd-wbclient-debuginfo-1.16.1-3.15.1
  • libsss_idmap0-debuginfo-1.16.1-3.15.1
  • python3-sssd-config-debuginfo-1.16.1-3.15.1
  • sssd-tools-debuginfo-1.16.1-3.15.1
  • sssd-krb5-common-debuginfo-1.16.1-3.15.1
  • sssd-tools-1.16.1-3.15.1
  • sssd-proxy-debuginfo-1.16.1-3.15.1
  • sssd-ipa-debuginfo-1.16.1-3.15.1
  • sssd-krb5-1.16.1-3.15.1
  • sssd-dbus-1.16.1-3.15.1
• Basesystem Module 15 (x86_64)
  • sssd-32bit-debuginfo-1.16.1-3.15.1
  • sssd-32bit-1.16.1-3.15.1

References:

• https://www.suse.com/security/cve/CVE-2019-3811.html
• https://bugzilla.suse.com/show_bug.cgi?id=1004220
• https://bugzilla.suse.com/show_bug.cgi?id=1087320
• https://bugzilla.suse.com/show_bug.cgi?id=1120852
• https://bugzilla.suse.com/show_bug.cgi?id=1121759
• https://bugzilla.suse.com/show_bug.cgi?id=1125277