Security update for sssd
| Announcement ID: | SUSE-SU-2019:0081-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability and has six security fixes can now be installed.
Description:
This update for sssd provides the following fixes:
This security issue was fixed:
- CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377)
These non-security issues were fixed:
- Fix a segmentation fault in sss_cache command. (bsc#1072728)
- Fix a failure in autofs initialisation sequence upon system boot. (bsc#1010700)
- Fix race condition on boot between SSSD and autofs. (bsc#1010700)
- Fix a bug where file descriptors were not closed (bsc#1080156)
- Fix an issue where sssd logs were not rotated properly (bsc#1080156)
- Remove whitespaces from netgroup entries (bsc#1087320)
- Remove misleading log messages (bsc#1101877)
- exit() the forked process if exec()-ing a child process fails (bsc#1110299)
- Do not schedule the machine renewal task if adcli is not executable (bsc#1110299)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE OpenStack Cloud 7
zypper in -t patch SUSE-OpenStack-Cloud-7-2019-81=1 -
SUSE Linux Enterprise Desktop 12 SP3
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-81=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-81=1 -
SUSE Linux Enterprise Software Development Kit 12 SP3
zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-81=1 -
SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-81=1 -
SUSE Linux Enterprise Server 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-81=1 -
SUSE Linux Enterprise High Performance Computing 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-81=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-81=1 -
SUSE Enterprise Storage 4
zypper in -t patch SUSE-Storage-4-2019-81=1
Package List:
-
SUSE OpenStack Cloud 7 (x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- sssd-32bit-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
-
SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libsss_nss_idmap0-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- libsss_nss_idmap0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- sssd-32bit-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
- sssd-32bit-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
-
SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
- libsss_nss_idmap-devel-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- libsss_idmap-devel-1.13.4-34.23.1
- libipa_hbac-devel-1.13.4-34.23.1
-
SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (ppc64le s390x x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
-
SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (s390x x86_64)
- sssd-32bit-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
-
SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libsss_nss_idmap0-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- libsss_nss_idmap0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
-
SUSE Linux Enterprise Server 12 SP3 (s390x x86_64)
- sssd-32bit-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libsss_nss_idmap0-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- libsss_nss_idmap0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (x86_64)
- sssd-32bit-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libsss_nss_idmap0-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- libsss_nss_idmap0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (x86_64)
- sssd-32bit-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
-
SUSE Enterprise Storage 4 (x86_64)
- sssd-tools-1.13.4-34.23.1
- libipa_hbac0-1.13.4-34.23.1
- sssd-krb5-1.13.4-34.23.1
- python-sssd-config-1.13.4-34.23.1
- libipa_hbac0-debuginfo-1.13.4-34.23.1
- python-sssd-config-debuginfo-1.13.4-34.23.1
- sssd-32bit-1.13.4-34.23.1
- libsss_sudo-debuginfo-1.13.4-34.23.1
- libsss_idmap0-debuginfo-1.13.4-34.23.1
- sssd-debuginfo-32bit-1.13.4-34.23.1
- sssd-debugsource-1.13.4-34.23.1
- sssd-ad-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-debuginfo-1.13.4-34.23.1
- sssd-ipa-1.13.4-34.23.1
- sssd-tools-debuginfo-1.13.4-34.23.1
- sssd-krb5-common-1.13.4-34.23.1
- libsss_idmap0-1.13.4-34.23.1
- sssd-debuginfo-1.13.4-34.23.1
- sssd-1.13.4-34.23.1
- sssd-ad-1.13.4-34.23.1
- sssd-ldap-1.13.4-34.23.1
- sssd-ipa-debuginfo-1.13.4-34.23.1
- sssd-krb5-debuginfo-1.13.4-34.23.1
- sssd-ldap-debuginfo-1.13.4-34.23.1
- sssd-proxy-1.13.4-34.23.1
- libsss_sudo-1.13.4-34.23.1
- sssd-proxy-debuginfo-1.13.4-34.23.1
References:
- https://www.suse.com/security/cve/CVE-2018-10852.html
- https://bugzilla.suse.com/show_bug.cgi?id=1010700
- https://bugzilla.suse.com/show_bug.cgi?id=1072728
- https://bugzilla.suse.com/show_bug.cgi?id=1080156
- https://bugzilla.suse.com/show_bug.cgi?id=1087320
- https://bugzilla.suse.com/show_bug.cgi?id=1098377
- https://bugzilla.suse.com/show_bug.cgi?id=1101877
- https://bugzilla.suse.com/show_bug.cgi?id=1110299