sssd-1.15.2-50.el7.8
Errata ID: AXSA:2017-2463:06
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
Security Fix(es):
* It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)
This issue was discovered by Sumit Bose (Asianux).
Bug Fix(es):
* Previously, SSSD's krb5 provider did not respect changed UIDs in ID views overriding the default view. Consequently, Kerberos credential caches were created with the incorrect, original UID, and processes of the user were not able to find the changed UID. With this update, SSSD's krb5 provider is made aware of the proper ID view name and respects the ID override data. As a result, the Kerberos credential cache is now created with the expected UID, and the processes can find it. (BZ#1508972)
* Previously, the list of cache request domains was sometimes freed in the middle of a cache request operation due to the refresh domains request, as they both were using the same list. As a consequence, a segmentation fault sometimes occurred in SSSD. With this update, SSSD uses a copy of the cache request domains' list for each cache request. As a result, SSSD no longer crashes in this case. (BZ#1509177)
* Previously, the calls provided by SSSD to send data to the Privilege Attribute Certificate (PAC) responder did not use a mutex or any other means to serialize access to the PAC responder from a single process. When multithreaded applications overran the PAC responder with multiple parallel requests, some threads did not receive a proper reply. Consequently, such threads only resumed work after waiting 5 minutes for a response. This update configures a mutex to serialize access to the PAC responder socket for multithreaded applications. As a result, all threads now get a proper and timely reply. (BZ#1506682)
CVE-2017-12173
Update packages.
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
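The flaw class described here and in the Security Fix entry above is an untrusted value placed unescaped into a search filter. The following C code is an added example, not SSSD's own code: it assumes the cache is queried with an LDAP-style filter (RFC 4515 escaping rules), and the filter template, function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed filter template for this example (not taken from SSSD). */
#define FILTER_TMPL "(&(objectClass=user)(userPrincipalName=%s))"

/* Escape a filter value per RFC 4515: '*', '(', ')' and '\' become \XX hex.
 * Returns a malloc'd string the caller frees, or NULL if allocation fails. */
char *filter_escape(const char *in)
{
    static const char hex[] = "0123456789abcdef";
    size_t len = strlen(in);
    char *out = malloc(len * 3 + 1);   /* worst case: every byte escaped */
    char *p = out;

    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            *p++ = '\\';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0f];
        } else {
            *p++ = (char)c;
        }
    }
    *p = '\0';
    return out;
}

/* Count literal '(' characters, i.e. the number of filter terms opened. */
size_t open_parens(const char *filter)
{
    size_t n = 0;
    for (; *filter; filter++) if (*filter == '(') n++;
    return n;
}

/* Build the lookup filter. sanitize=0 reproduces the unsanitized pattern,
 * sanitize=1 is the hardened form. Returns 0, or -1 on error or truncation. */
int build_upn_filter(const char *upn, int sanitize, char *buf, size_t buflen)
{
    char *val = sanitize ? filter_escape(upn) : NULL;
    int n;

    if (sanitize && val == NULL) return -1;
    n = snprintf(buf, buflen, FILTER_TMPL, sanitize ? val : upn);
    free(val);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}
```

With sanitization on, the number of terms in the resulting filter is fixed by the template, whatever the input contains.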
SRPMS
- sssd-1.15.2-50.el7.8.src.rpm
Size: 5.53 MB
Asianux Server 7 for x86_64
- libipa_hbac-1.15.2-50.el7.8.x86_64.rpm
Size: 127.18 kB
- libsss_autofs-1.15.2-50.el7.8.x86_64.rpm
Size: 128.99 kB
- libsss_certmap-1.15.2-50.el7.8.x86_64.rpm
Size: 149.69 kB
- libsss_idmap-1.15.2-50.el7.8.x86_64.rpm
Size: 131.70 kB
- libsss_nss_idmap-1.15.2-50.el7.8.x86_64.rpm
Size: 129.62 kB
- libsss_simpleifp-1.15.2-50.el7.8.x86_64.rpm
Size: 117.91 kB
- libsss_sudo-1.15.2-50.el7.8.x86_64.rpm
Size: 127.38 kB
- python-libipa_hbac-1.15.2-50.el7.8.x86_64.rpm
Size: 120.17 kB
- python-libsss_nss_idmap-1.15.2-50.el7.8.x86_64.rpm
Size: 112.94 kB
- python-sss-1.15.2-50.el7.8.x86_64.rpm
Size: 137.30 kB
- python-sssdconfig-1.15.2-50.el7.8.noarch.rpm
Size: 153.12 kB
- python-sss-murmur-1.15.2-50.el7.8.x86_64.rpm
Size: 110.11 kB
- sssd-1.15.2-50.el7.8.x86_64.rpm
Size: 119.04 kB
- sssd-ad-1.15.2-50.el7.8.x86_64.rpm
Size: 224.56 kB
- sssd-client-1.15.2-50.el7.8.x86_64.rpm
Size: 185.83 kB
- sssd-common-1.15.2-50.el7.8.x86_64.rpm
Size: 1.29 MB
- sssd-common-pac-1.15.2-50.el7.8.x86_64.rpm
Size: 181.14 kB
- sssd-dbus-1.15.2-50.el7.8.x86_64.rpm
Size: 217.43 kB
- sssd-ipa-1.15.2-50.el7.8.x86_64.rpm
Size: 316.97 kB
- sssd-kcm-1.15.2-50.el7.8.x86_64.rpm
Size: 222.32 kB
- sssd-krb5-1.15.2-50.el7.8.x86_64.rpm
Size: 157.67 kB
- sssd-krb5-common-1.15.2-50.el7.8.x86_64.rpm
Size: 192.20 kB
- sssd-ldap-1.15.2-50.el7.8.x86_64.rpm
Size: 225.83 kB
- sssd-libwbclient-1.15.2-50.el7.8.x86_64.rpm
Size: 120.82 kB
- sssd-polkit-rules-1.15.2-50.el7.8.x86_64.rpm
Size: 107.01 kB
- sssd-proxy-1.15.2-50.el7.8.x86_64.rpm
Size: 153.47 kB
- sssd-tools-1.15.2-50.el7.8.x86_64.rpm
Size: 413.46 kB
- sssd-winbind-idmap-1.15.2-50.el7.8.x86_64.rpm
Size: 112.27 kB
- libipa_hbac-1.15.2-50.el7.8.i686.rpm
Size: 127.05 kB
- libsss_certmap-1.15.2-50.el7.8.i686.rpm
Size: 149.07 kB
- libsss_idmap-1.15.2-50.el7.8.i686.rpm
Size: 132.28 kB
- libsss_nss_idmap-1.15.2-50.el7.8.i686.rpm
Size: 129.82 kB
- libsss_simpleifp-1.15.2-50.el7.8.i686.rpm
Size: 118.03 kB
- sssd-client-1.15.2-50.el7.8.i686.rpm
Size: 185.51 kB