sssd-1.12.4-47.AXS4.4

エラータID: AXSA:2015-557:03

Release date: 
Wednesday, November 11, 2015 - 16:41
Subject: 
sssd-1.12.4-47.AXS4.4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Low
Description: 

Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

Security issues fixed with this release:

CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder
plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD)
1.10 before 1.13.1 allows remote authenticated users to cause a denial
of service (memory consumption) via a large number of logins that
trigger parsing of PAC blobs during Kerberos authentication.

Fixed bugs:

* Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the "(" opening parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal sysdb search has been modified to escape special characters when searching for objects to which sudo rules apply. As a result, SSSD applies the described sudo rules as expected.
* Prior to this update, SSSD did not correctly handle group names containing special Lightweight Directory Access Protocol (LDAP) characters, such as the "(" or ")" parenthesis signs. When a group name contained one or more such characters, the internal cache cleanup operation failed with an I/O error. With this update, LDAP special characters in the Distinguished Name (DN) of a cache entry are escaped before the cleanup operation starts. As a result, the cleanup operation completes successfully in the described situation.
* Applications performing Kerberos authentication previously increased the memory footprint of the Kerberos plug-in that parses the Privilege Attribute Certificate (PAC) information. The plug-in has been updated to free the memory it allocates, thus fixing this bug.
* Previously, when malformed POSIX attributes were defined in an Active Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode. This update relaxes certain checks for AD POSIX attribute validity. As a result, SSSD now works as expected even when malformed POSIX attributes are present in AD and no longer enters offline mode in the described situation.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. sssd-1.12.4-47.AXS4.4.src.rpm
    MD5: bb4a430d3e69b5f5f43b30c826df3f7f
    SHA-256: 887c76780d9f40dacc50ead3a1f1902e5c36d1c3ce45a61d3c0d2d968c87440a
    Size: 4.28 MB

Asianux Server 4 for x86
  1. libipa_hbac-1.12.4-47.AXS4.4.i686.rpm
    MD5: 1130a9d082e80a802cd8c393c112178d
    SHA-256: 6f6e1b2f0363fac18cc1caf2cd79517c86b99003936f949a1168d15a00d185f8
    Size: 104.50 kB
  2. libipa_hbac-python-1.12.4-47.AXS4.4.i686.rpm
    MD5: 01949fc3bff90db7defad854e2032ac5
    SHA-256: 160381bd8648db884f93a507f887051458acf1e42686605270c43f545c928614
    Size: 98.83 kB
  3. libsss_idmap-1.12.4-47.AXS4.4.i686.rpm
    MD5: 57f6a2ee2be7638fe65fdc721e099669
    SHA-256: 202fa570fc3fa551328c8215312a4296b7d4fb8ae3663dd01af273923b6c94d6
    Size: 108.99 kB
  4. python-sssdconfig-1.12.4-47.AXS4.4.noarch.rpm
    MD5: 052511979d867143d064d9531e6570b0
    SHA-256: b14795f74d3f59850db06b8c7edfe8aa35cde7825c0a71c6ca7a21bf0d82f548
    Size: 132.26 kB
  5. sssd-1.12.4-47.AXS4.4.i686.rpm
    MD5: c996f8fb5100fcae7c4e6bd143910e7a
    SHA-256: 00b710d58babf9d1afddb51a7e4ecf77638060763bebda29619caf63ce6b1efd
    Size: 99.72 kB
  6. sssd-ad-1.12.4-47.AXS4.4.i686.rpm
    MD5: 873d8243841059eab783294e1d0b6e64
    SHA-256: 52f9716f74e531bae2b8263822b6042e46103cb6098bad3314da41cfe3b751b7
    Size: 199.24 kB
  7. sssd-client-1.12.4-47.AXS4.4.i686.rpm
    MD5: a2a9fd4dc8797eb5c81b188de31a3f87
    SHA-256: 822d3c255e22d00f9681e36e20cd131368d460039c128cc770f12fb38abfdedf
    Size: 150.41 kB
  8. sssd-common-1.12.4-47.AXS4.4.i686.rpm
    MD5: 47aa58b3bc5c1b01e1043bcd5f1b2a6f
    SHA-256: 9ef1acd9911186c556aa32683b72ebadcdbc9f61c1178cd98956c5904063d274
    Size: 961.62 kB
  9. sssd-common-pac-1.12.4-47.AXS4.4.i686.rpm
    MD5: bffc15f509632bb0d487fbbfa3f16100
    SHA-256: 731d98a731975a3161117aa441342e54bd7eb5276eb2fe70161ac4128c750889
    Size: 132.91 kB
  10. sssd-dbus-1.12.4-47.AXS4.4.i686.rpm
    MD5: 8e3731c58c0819952b6c5c897b064a08
    SHA-256: c942025157c55bded30ad7a36a671b5b442a3c60546485ec8010fad697c69a6c
    Size: 139.88 kB
  11. sssd-ipa-1.12.4-47.AXS4.4.i686.rpm
    MD5: 60059718ef430018013a042d07c9f3e6
    SHA-256: 99534b6797dd79882f7b559d6365848f16616e50e7b33a82c7609a9c482db287
    Size: 231.77 kB
  12. sssd-krb5-1.12.4-47.AXS4.4.i686.rpm
    MD5: 6499e8793525de148ee89cb89b3e3428
    SHA-256: accffc2a206963beddef11b6a463d218d698f39998a72a0050b208358bd64925
    Size: 133.17 kB
  13. sssd-krb5-common-1.12.4-47.AXS4.4.i686.rpm
    MD5: 16906e112eaccc7574cfe39315beb0fa
    SHA-256: 0f4419461c2c972e60fa8409c67b1d3995d2d38f6fdef0cc16da5311142b432a
    Size: 187.23 kB
  14. sssd-ldap-1.12.4-47.AXS4.4.i686.rpm
    MD5: 5565894c71b36711a0291af8b81bd822
    SHA-256: 7525b143f1e296b2e63291d35b230a7babe452cafc20b30ea0d5156829d7e8e2
    Size: 214.65 kB
  15. sssd-proxy-1.12.4-47.AXS4.4.i686.rpm
    MD5: f840c94e1f1e869c21a43eb69215e6d2
    SHA-256: b6c38b97ea5676503974e945d7d72aabb829a7187dbb7eda50d4533184585ebc
    Size: 127.96 kB

Asianux Server 4 for x86_64
  1. libipa_hbac-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: ce49ac7b6d39249b69c6ed7e02aff1de
    SHA-256: dc6ae486428b8f182efcf5e62e9b273ff28ea31957178e8c86ad8aa31372f880
    Size: 104.01 kB
  2. libipa_hbac-python-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: bfe612847d50e1b40d44392cd79a4805
    SHA-256: c34059f87f681c7752b8dc237dd42f1d411acd3d85195f7fc0e386d3301f27f6
    Size: 98.79 kB
  3. libsss_idmap-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 50f145192ce02f8b47184d2c755ee242
    SHA-256: 11685df86b4467362b6ded070a6a77c1a1a33c54b443e88d11b8974c71b98831
    Size: 108.69 kB
  4. python-sssdconfig-1.12.4-47.AXS4.4.noarch.rpm
    MD5: f54e4ce203066794eaf45397406d8fe4
    SHA-256: 9fdf05ec3169722ee09b448179fdc2fc513e3159e52934c08b3b0e7e7c5f9c54
    Size: 131.81 kB
  5. sssd-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 717d0824cbc7616ae31c5853c16b118e
    SHA-256: 1da1480bb45e094ce7538b55d6dd09c1e73ae685b94371834017be34b3dfd2fb
    Size: 99.27 kB
  6. sssd-ad-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: cf4cb7f1023dede6e2e0ba11066c0660
    SHA-256: 4d57036b867c5cb1defd525da3074fe419fbf3cbc94c874ff2b65c1f2fcc8fdf
    Size: 201.17 kB
  7. sssd-client-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 17220b597c2a4775b8459b281e0d3ae0
    SHA-256: c7f857ca0f18c0c05d8d3346fed9b966b2546f8eda39404aaf93cd7af176a049
    Size: 150.28 kB
  8. sssd-common-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: e8eeba6be2158515d832b24eb314d97d
    SHA-256: 19f8316568866bcd93fca81dea8330f5b47fdf0b94927f2669dcb9edc35adb0f
    Size: 975.56 kB
  9. sssd-common-pac-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 664f6b4ac7622df2d8ed8b54e5f1d59c
    SHA-256: 21f86ed30a055b76f267c155452be08d1588e1f0c2b0070a26b3bee217d97ce7
    Size: 133.86 kB
  10. sssd-dbus-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 5e4508146b4570503382271b5ff4c1f9
    SHA-256: 9007e9da97cee8c88b4a9fa0805ff6364f78a7e18c454254fc8c2086ad988fce
    Size: 140.95 kB
  11. sssd-ipa-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 26a10e04fc65477bff2927bc062c085c
    SHA-256: 7fa0c2b431b4c2fcc175c2bf588ca9b873e182990e5e5c51c445ba503bdc5905
    Size: 236.31 kB
  12. sssd-krb5-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 9be44b0546923e3380204991497636a7
    SHA-256: 54a1f9542500bd516e6b0d4f1ea293fd5ff6beaad92e9cd825836c501088ce28
    Size: 133.03 kB
  13. sssd-krb5-common-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: e81385da31df3e16f166af19d4c397df
    SHA-256: 5eead32563ad41732bc1580b329b5d049fca4a416bfdd7ee8430d8a3d6e7e4fa
    Size: 189.68 kB
  14. sssd-ldap-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: b8f125fce9358c2d77c92c297b1bf2b4
    SHA-256: 427e771ed09e7f71cecd3bf0fdfe12fd4bf8a277bf486df3b980e4571266a313
    Size: 214.66 kB
  15. sssd-proxy-1.12.4-47.AXS4.4.x86_64.rpm
    MD5: 980f916ba1e8778df583a0dce44ec200
    SHA-256: 8260db84bded37e8ef4b90c13588a032d9d801b2375fb23a22f337fd334605f6
    Size: 128.63 kB
  16. libipa_hbac-1.12.4-47.AXS4.4.i686.rpm
    MD5: 1130a9d082e80a802cd8c393c112178d
    SHA-256: 6f6e1b2f0363fac18cc1caf2cd79517c86b99003936f949a1168d15a00d185f8
    Size: 104.50 kB
  17. libsss_idmap-1.12.4-47.AXS4.4.i686.rpm
    MD5: 57f6a2ee2be7638fe65fdc721e099669
    SHA-256: 202fa570fc3fa551328c8215312a4296b7d4fb8ae3663dd01af273923b6c94d6
    Size: 108.99 kB
  18. sssd-client-1.12.4-47.AXS4.4.i686.rpm
    MD5: a2a9fd4dc8797eb5c81b188de31a3f87
    SHA-256: 822d3c255e22d00f9681e36e20cd131368d460039c128cc770f12fb38abfdedf
    Size: 150.41 kB