sssd-1.15.2-50.el7.8

エラータID: AXSA:2017-2463:06

Release date: 
Monday, December 11, 2017 - 11:35
Subject: 
sssd-1.15.2-50.el7.8
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

Security Fix(es):

* It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)

This issue was discovered by Sumit Bose (Asianux).

Bug Fix(es):

* Previously, SSSD's krb5 provider did not respect changed UIDs in ID views overriding the default view. Consequently, Kerberos credential caches were created with the incorrect, original UID, and processes of the user were not able to find the changed UID. With this update, SSSD's krb5 provider is made aware of the proper ID view name and respects the ID override data. As a result, the Kerberos credential cache is now created with the expected UID, and the processes can find it. (BZ#1508972)

* Previously, the list of cache request domains was sometimes freed in the middle of a cache request operation due to the refresh domains request, as they both were using the same list. As a consequence, a segmentation fault sometimes occurred in SSSD. With this update, SSSD uses a copy of the cache request domains' list for each cache request. As a result, SSSD no longer crashes in this case. (BZ#1509177)

* Previously, the calls provided by SSSD to send data to the Privilege Attribute Certificate (PAC) responder did not use a mutex or any other means to serialize access to the PAC responder from a single process. When multithreaded applications overran the PAC responder with multiple parallel requests, some threads did not receive a proper reply. Consequently, such threads only resumed work after waiting 5 minutes for a response. This update configures mutex to serialize access to the PAC responder socket for multithreaded applications. As a result, all threads now get a proper and timely reply. (BZ#1506682)

CVE-2017-12173
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. sssd-1.15.2-50.el7.8.src.rpm
    MD5: b9a4ebd1fb0359d3e23e999f2b34309f
    SHA-256: bb8845990257a2206f2305b43b4ad9f5908bab86203d6be0526975596512e908
    Size: 5.53 MB

Asianux Server 7 for x86_64
  1. libipa_hbac-1.15.2-50.el7.8.x86_64.rpm
    MD5: 1b1cd890a39f24874d3456767f1035d3
    SHA-256: fff948ffc2165e21dfbfe4a5883d117aa8d0b18ea1f035cc323943c66ac34f81
    Size: 127.18 kB
  2. libsss_autofs-1.15.2-50.el7.8.x86_64.rpm
    MD5: e31b63f9b2e97ba933e21c513753df33
    SHA-256: 67928d9e4725b034e9618590b648dc92892a070e73b7799c6484e8e541d4810a
    Size: 128.99 kB
  3. libsss_certmap-1.15.2-50.el7.8.x86_64.rpm
    MD5: 2ea93c5f024f8b827147609e872cb497
    SHA-256: 859c41dc6df3cade49467aafd9d2e4cf6de95ba7009e0847dfa0c946237aabda
    Size: 149.69 kB
  4. libsss_idmap-1.15.2-50.el7.8.x86_64.rpm
    MD5: 10809a5f31906f84751d09b981182903
    SHA-256: 21d17af64b29d5d0bc5d79270e222f1e24e0edcadf90aaa190132c74414fc14f
    Size: 131.70 kB
  5. libsss_nss_idmap-1.15.2-50.el7.8.x86_64.rpm
    MD5: fc48dd49d8dee2d71f7467355805a419
    SHA-256: a2e809dab53a830155eb1307ba1a7542928fa2bdbcfa7588c959e0d6ea114655
    Size: 129.62 kB
  6. libsss_simpleifp-1.15.2-50.el7.8.x86_64.rpm
    MD5: c6a552fcd622b18fbd51fee89c37459f
    SHA-256: 7626beddcc8e4e5bf68ef58782eb15a4480f119b9a2a50b44dc3da445f358bfd
    Size: 117.91 kB
  7. libsss_sudo-1.15.2-50.el7.8.x86_64.rpm
    MD5: d9ea6833a70c226f4be6d0fedb01903e
    SHA-256: 9171ae1d60c41d25be2e99039521717a6bc63e365f76a55632f062ad3e302ec2
    Size: 127.38 kB
  8. python-libipa_hbac-1.15.2-50.el7.8.x86_64.rpm
    MD5: a4188ccb153fde6adacf3b631e859a13
    SHA-256: 54b0d295ab7a21aeeab04380d30101a1899086b7f3033f9a3764e389d733ef61
    Size: 120.17 kB
  9. python-libsss_nss_idmap-1.15.2-50.el7.8.x86_64.rpm
    MD5: b69d65fdb911e75ce311ff7936e186b9
    SHA-256: 4f9ce7cc01897b943c07c38b2cb7e03af9cd3ea37a6ab9eb19fcb908c4110e65
    Size: 112.94 kB
  10. python-sss-1.15.2-50.el7.8.x86_64.rpm
    MD5: 937167261b2728c200278291480f2600
    SHA-256: cf9d99c357ad7f2541bd91d1ffcb7d4f54017ef6ab50b61a048cee2de2121a86
    Size: 137.30 kB
  11. python-sssdconfig-1.15.2-50.el7.8.noarch.rpm
    MD5: 305300d18be52d01d9ad842f2aafd424
    SHA-256: 5db98222e0c5a19f2371906cb62c0ef80e73ce2934cd94a2a186916774bca454
    Size: 153.12 kB
  12. python-sss-murmur-1.15.2-50.el7.8.x86_64.rpm
    MD5: a2cf60fae820fa955ce314cca52fc5ce
    SHA-256: 361d1ce1744de85e870981dbd948e558434e7c9ead359e09490eac4450a1eb04
    Size: 110.11 kB
  13. sssd-1.15.2-50.el7.8.x86_64.rpm
    MD5: d6fb73488f7ebfcd540be03e4a0afd4c
    SHA-256: 605026f46582445198baa325ae7c8a854d8ff297e43831696b7a393592910c68
    Size: 119.04 kB
  14. sssd-ad-1.15.2-50.el7.8.x86_64.rpm
    MD5: 97509a974c70709933784a017cd4e264
    SHA-256: 2ce885cc27c4988276eeb6eeaca4dd6fb2284a1d31039c7b7b7a6642b518aa5e
    Size: 224.56 kB
  15. sssd-client-1.15.2-50.el7.8.x86_64.rpm
    MD5: 5ebafa9b59e4ad86b0d56c690ef7e2b6
    SHA-256: 9154bb13a6c205a83995fafa4b1c3efcdefe1bf45725f20613eae9af22100719
    Size: 185.83 kB
  16. sssd-common-1.15.2-50.el7.8.x86_64.rpm
    MD5: 79de49c1d75da24c083500424ea2d973
    SHA-256: be3168f82e98fb0c5d9022e5600c125f1b81bb4576721c32b5249cc35b52339a
    Size: 1.29 MB
  17. sssd-common-pac-1.15.2-50.el7.8.x86_64.rpm
    MD5: fb5d6b2be228bdd8a5d3aea0796e66c6
    SHA-256: 346e11fddd71c2ded94d8d53c23da5b40933dfad1e7069d043bd6677743b900c
    Size: 181.14 kB
  18. sssd-dbus-1.15.2-50.el7.8.x86_64.rpm
    MD5: c49d15b87f79816fa04e707837644c94
    SHA-256: a5679e45ccf3bcce663723a17def022ffae00b3fa652bf8e323c937ae6ae514e
    Size: 217.43 kB
  19. sssd-ipa-1.15.2-50.el7.8.x86_64.rpm
    MD5: 72cd463a64f078150a2e92de5761d43d
    SHA-256: dbf861718a175d89d3c32edb6b675e2a5bb811c6a4286faa3d50b239b3376665
    Size: 316.97 kB
  20. sssd-kcm-1.15.2-50.el7.8.x86_64.rpm
    MD5: ac654ad0f9640a1145ea5c255837c469
    SHA-256: a27cb982b5d4e551ab6dd09e48e7528a7b33a7601411b61874d834a150cbe4b8
    Size: 222.32 kB
  21. sssd-krb5-1.15.2-50.el7.8.x86_64.rpm
    MD5: d8df144661929f5648cf141807878ae1
    SHA-256: e0b197dc59080193059a8af5c474ad5219b6a49d470a9b31396f95a1daf3bbb9
    Size: 157.67 kB
  22. sssd-krb5-common-1.15.2-50.el7.8.x86_64.rpm
    MD5: 02ade9c14a0cd4283d543deef350163a
    SHA-256: 7505208fc56d4232fcfdd9894334dcaa55d629e65b93e50f96449e658ad750ca
    Size: 192.20 kB
  23. sssd-ldap-1.15.2-50.el7.8.x86_64.rpm
    MD5: efcabde628e3c17ab1d5803a5ad6f009
    SHA-256: 4c3882b56efeebb01aee9b9e2b6644afb1b4350ef91adee3c3650a356842fe22
    Size: 225.83 kB
  24. sssd-libwbclient-1.15.2-50.el7.8.x86_64.rpm
    MD5: 4611cd4676593697f4692eabe247cb5c
    SHA-256: fb9ab81c686820c125d506f518d34226ac0ad874dc3be4ff0b1d6072c484612d
    Size: 120.82 kB
  25. sssd-polkit-rules-1.15.2-50.el7.8.x86_64.rpm
    MD5: 626eff83cf6541ddceb327ea9170ae30
    SHA-256: 8b36e04a810e14f00cb481b7640536a30f6f95ff4bc861bbf2e91350cf0c0ada
    Size: 107.01 kB
  26. sssd-proxy-1.15.2-50.el7.8.x86_64.rpm
    MD5: 3c1355542c9d0eeb1d02a35ecf2427a9
    SHA-256: d29b1976905b5959fe3759758fe7259aacd445f21f3061360485fbcc7ba4f9d4
    Size: 153.47 kB
  27. sssd-tools-1.15.2-50.el7.8.x86_64.rpm
    MD5: df80377a43c943e4b729627f46ac9de6
    SHA-256: 8ca1588e5c149d11b2c695f621321c99d0e28f107b5f8149e9d12c49987bc5b5
    Size: 413.46 kB
  28. sssd-winbind-idmap-1.15.2-50.el7.8.x86_64.rpm
    MD5: ede45ab107aa1e97aeb8bff9f4e3654b
    SHA-256: 3bd93c22c9bb346264ab4fb38742ade3f475834aea652ad89d93e9362a1b6f50
    Size: 112.27 kB
  29. libipa_hbac-1.15.2-50.el7.8.i686.rpm
    MD5: 5240c42dc1388dff4415095d183ee75a
    SHA-256: 347169969254b00b22306b6ca542eb1c05977b7bb3bbc6c213f4221d1c310198
    Size: 127.05 kB
  30. libsss_certmap-1.15.2-50.el7.8.i686.rpm
    MD5: 65e8c41dd975936908e15edba3b32f06
    SHA-256: db5a7d400dd84145df722a8ec59b78503f89f7e86f58be5d9449c787ac4be8e3
    Size: 149.07 kB
  31. libsss_idmap-1.15.2-50.el7.8.i686.rpm
    MD5: d62baec20d1f397017c9643a6872b4a1
    SHA-256: 95ff987da4f74e3d3a58c8a679e71281c490bd27c0d94267bf645e3ca534e432
    Size: 132.28 kB
  32. libsss_nss_idmap-1.15.2-50.el7.8.i686.rpm
    MD5: 186a648d33e65119e4e2f63af5882ca4
    SHA-256: e72554b97d9e33fcae424a7d1c356e6db9e4a6267a80f08ced17ad0e1ef4dd2a
    Size: 129.82 kB
  33. libsss_simpleifp-1.15.2-50.el7.8.i686.rpm
    MD5: ac7d31b042db59e9925c31b1822c64ff
    SHA-256: e831460c6b4d7707e050283403fb76b32ca2150fdada9d9cc3688f33340a95cb
    Size: 118.03 kB
  34. sssd-client-1.15.2-50.el7.8.i686.rpm
    MD5: 3bd2c86c98e19e7d40701ba710698aaf
    SHA-256: df5af27f5582b3b80d2a4abc998c1ef334d16457b9134148b029a6a110cbb442
    Size: 185.51 kB