sssd-1.13.3-60.AXS4, ding-libs-0.4.0-13.AXS4

エラータID: AXSA:2018-3221:01

リリース日: 
2018/06/27 Wednesday - 14:55
題名: 
sssd-1.13.3-60.AXS4, ding-libs-0.4.0-13.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- sssd の sysdb_search_user_by_upn_res() 関数はローカルキャッ
シュを問い合わせる際にリクエストをサニタイズしておらず,インジェク
ションの問題があります。任意のユーザに対するパスワードハッシュが
ローカルにキャッシュされている場合,集中ログイン環境では認証された攻撃
者がパスワードハッシュを取得する脆弱性があります。(CVE-2017-12173)

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. ding-libs-0.4.0-13.AXS4.src.rpm
    MD5: d311df11ab8fc9246212a1d90b438531
    SHA-256: 11dd9fc8255b030a664c6f78be4f61aa36e280fe07659eab406a04a87b24cdad
    Size: 818.38 kB
  2. sssd-1.13.3-60.AXS4.src.rpm
    MD5: f92ab9be1b2955cad91e697d8435008d
    SHA-256: e819e541adbea07e9a960c09560d22c7463afdb8027fe574b68571f4e83c5c44
    Size: 4.81 MB

Asianux Server 4 for x86
  1. libbasicobjects-0.1.1-13.AXS4.i686.rpm
    MD5: b63ebf86ac9c6e38766ccba6601f1188
    SHA-256: 7eb94ba06b574ff2b697547bc90995aec23291d0425953119e675a09a3431eb9
    Size: 21.21 kB
  2. libcollection-0.6.2-13.AXS4.i686.rpm
    MD5: be8c5c666e7bfe089229e492cbc6bdc2
    SHA-256: b1cceaf52b799336cc523a8ab24a0efa14dae30d45ac3e9d82bf22f08333d927
    Size: 36.29 kB
  3. libdhash-0.4.3-13.AXS4.i686.rpm
    MD5: 35dbbc88fff75f81701dd24125f64fc1
    SHA-256: bab1de971ab9106b10f275cc6ee32cb0dc5fa40b7f3cd69bc8fa11c3cb7cd338
    Size: 23.77 kB
  4. libini_config-1.1.0-13.AXS4.i686.rpm
    MD5: cf9a22338e8dada2eadc9b1808f355e9
    SHA-256: 4954dda64344e6f59ebfe1c18a052c66d74f20534c8211925bcf0b039cc3da2c
    Size: 46.57 kB
  5. libpath_utils-0.2.1-13.AXS4.i686.rpm
    MD5: 021a4aaa9440fe9320d40acba5c690cd
    SHA-256: 8f02e8281c55b8103cf218dd84e62853bab43cfd3cf1f3a2d7929edc8915931a
    Size: 24.01 kB
  6. libref_array-0.1.4-13.AXS4.i686.rpm
    MD5: b07322e5754a811e3046db4fc479465a
    SHA-256: 9cdc127fe3536e6d6a6bee1f436cbcb339d3878edb405509b77fdcbfe03fa7cd
    Size: 22.52 kB
  7. libipa_hbac-1.13.3-60.AXS4.i686.rpm
    MD5: 3c8a2122328fdfe2f264e942234be358
    SHA-256: 1a33e205fa4edcd3dab14b2ba7ee0e70773f9c239de9c0a7e65c25bd97529e67
    Size: 118.14 kB
  8. libsss_idmap-1.13.3-60.AXS4.i686.rpm
    MD5: 76403bf8ebd46715e076e1cba6b4059f
    SHA-256: 77a8be5e43155f677778aeab5db68873dec2621a5c225e921c4fb734385b38d0
    Size: 124.29 kB
  9. python-libipa_hbac-1.13.3-60.AXS4.i686.rpm
    MD5: 67459862dbb96e4ab8836d15f7459ced
    SHA-256: 85e8f1bf2788a0029f2d144744eb791f5c9b3e7e79b2a4b2ae43bb2128d464f6
    Size: 112.39 kB
  10. python-sss-1.13.3-60.AXS4.i686.rpm
    MD5: 684510651d9854469581a3c093690025
    SHA-256: c33d2c365b1a9fc310f38034edaf390fc56fb347dfb2c3b90d2f0985c1245653
    Size: 124.57 kB
  11. python-sssdconfig-1.13.3-60.AXS4.noarch.rpm
    MD5: b09656773c3de235396b6aed674442f9
    SHA-256: 582eb54177269e8e08ef91ac2f303b111dec99a392293889b2726ce6456c02d3
    Size: 146.52 kB
  12. python-sss-murmur-1.13.3-60.AXS4.i686.rpm
    MD5: 3e93296a8078870690fb809e1c360909
    SHA-256: fa1919e441d718b5b3d49e42478736c6874b977436f4beaebc420dc7083a3221
    Size: 103.01 kB
  13. sssd-1.13.3-60.AXS4.i686.rpm
    MD5: 9bb0ee454278657d477eb47ad854be6a
    SHA-256: 72e2247be8bada45d0fb61c2a12115f683d0d7b3a75e7e4098eaca93e9a5f793
    Size: 113.34 kB
  14. sssd-ad-1.13.3-60.AXS4.i686.rpm
    MD5: a0169e86c410c056b3e4564f09271371
    SHA-256: e5fa24cc59fc760f66f5eec61549e05713dd5a11529fe4090f7bc83fdf67dd37
    Size: 216.85 kB
  15. sssd-client-1.13.3-60.AXS4.i686.rpm
    MD5: b4c3befa51e4f8b0f134b1d4a5be2c35
    SHA-256: 2683047fadeb1ca25773e1b97e44c7ee57ed15382952605197a69466695411ad
    Size: 169.95 kB
  16. sssd-common-1.13.3-60.AXS4.i686.rpm
    MD5: 1b4fe088c2615b4cd332723ab99b4e28
    SHA-256: b65297c889ec0dd7510fd7526acc008eade3e8e5de9ef19d8c06ce83af5210c7
    Size: 1.07 MB
  17. sssd-common-pac-1.13.3-60.AXS4.i686.rpm
    MD5: f8fdaf1362b4f85004aeb36975c41d94
    SHA-256: fd5dd592bd8c6693bf897719e6fae5e0d85357a6a31d78b1dd90c41d27dee648
    Size: 151.42 kB
  18. sssd-dbus-1.13.3-60.AXS4.i686.rpm
    MD5: c945fac7619b29e618f82d027e4cf791
    SHA-256: 620e1d115c99f631ea433e4c5f081a15c1642dfb31573b57b48dd19cc0c89918
    Size: 165.30 kB
  19. sssd-ipa-1.13.3-60.AXS4.i686.rpm
    MD5: c0efab7b011beded2a0d91effedb708c
    SHA-256: b5907e00580713c511f12a2b3efcd71137c0e0a4ceed9e7033ce84a1fc3b9f99
    Size: 278.66 kB
  20. sssd-krb5-1.13.3-60.AXS4.i686.rpm
    MD5: 83e6f5c34159f3bd7568ee6087696996
    SHA-256: ef82ba38d9503a566748f905f27a60cba428b9ed0402da2b4d69c22a19d3fdf8
    Size: 148.41 kB
  21. sssd-krb5-common-1.13.3-60.AXS4.i686.rpm
    MD5: 17f9dc4d29ff05f72f2e3b722cc427bd
    SHA-256: 89b1ebc481076173bf0c6d8571cd03ad5cb5ce9e69af58c7bb897c5f27ad58a1
    Size: 167.08 kB
  22. sssd-ldap-1.13.3-60.AXS4.i686.rpm
    MD5: 4163eaa31471513805cddaf1ed316452
    SHA-256: 55eaaf78341ada6e0984f37184187501124ff4841fda3d0f288e10cdd5104952
    Size: 214.34 kB
  23. sssd-proxy-1.13.3-60.AXS4.i686.rpm
    MD5: 6e3e540ab1a077773ff251597c368bcf
    SHA-256: 59557f7e7f0e2b6105d2ef72a798abb4727f1c1963d358f1a75d7a3f12b00576
    Size: 141.38 kB

Asianux Server 4 for x86_64
  1. libbasicobjects-0.1.1-13.AXS4.x86_64.rpm
    MD5: c28cdb7ad658ce99bbc5e584ca1028cb
    SHA-256: bc38e9c7ef7e9a838ec6faad9c8455f5eb69f2a4291db154ac2a206032620f68
    Size: 20.71 kB
  2. libcollection-0.6.2-13.AXS4.x86_64.rpm
    MD5: 6c0120dea61a85e9891f3604391bfc72
    SHA-256: 6731fa1f4023283f2a29b0865223eb55891e49cccf9e8a30a76ff2dd96c864dd
    Size: 35.21 kB
  3. libdhash-0.4.3-13.AXS4.x86_64.rpm
    MD5: c35ff29d23feaa772c1dd1c87c3244e4
    SHA-256: ac02b0d7708e72be443a98a748399be1196887665deb911a546958bc469bc9f0
    Size: 23.13 kB
  4. libini_config-1.1.0-13.AXS4.x86_64.rpm
    MD5: 3d2d90bff690b67ce9e3aa8883eb7bfc
    SHA-256: 7829aef78ae6aa0bbb72c5a95749b35bd91ec996ae0101ecb56e9dc98acd5e1a
    Size: 45.46 kB
  5. libpath_utils-0.2.1-13.AXS4.x86_64.rpm
    MD5: d39f20bc1ed2b29491661af50901603b
    SHA-256: 7f2bb98cfdddf4eb84fca38727f35ca11347cbee278f05d4895626ae413483b3
    Size: 23.53 kB
  6. libref_array-0.1.4-13.AXS4.x86_64.rpm
    MD5: 456b0d2f3f5e1a79af9659b3399188b2
    SHA-256: 47feb3b621aedadc4d77c158feb86e1adcb5377a02c27cf7ab3de98bbf51b027
    Size: 22.12 kB
  7. libbasicobjects-0.1.1-13.AXS4.i686.rpm
    MD5: b63ebf86ac9c6e38766ccba6601f1188
    SHA-256: 7eb94ba06b574ff2b697547bc90995aec23291d0425953119e675a09a3431eb9
    Size: 21.21 kB
  8. libcollection-0.6.2-13.AXS4.i686.rpm
    MD5: be8c5c666e7bfe089229e492cbc6bdc2
    SHA-256: b1cceaf52b799336cc523a8ab24a0efa14dae30d45ac3e9d82bf22f08333d927
    Size: 36.29 kB
  9. libdhash-0.4.3-13.AXS4.i686.rpm
    MD5: 35dbbc88fff75f81701dd24125f64fc1
    SHA-256: bab1de971ab9106b10f275cc6ee32cb0dc5fa40b7f3cd69bc8fa11c3cb7cd338
    Size: 23.77 kB
  10. libini_config-1.1.0-13.AXS4.i686.rpm
    MD5: cf9a22338e8dada2eadc9b1808f355e9
    SHA-256: 4954dda64344e6f59ebfe1c18a052c66d74f20534c8211925bcf0b039cc3da2c
    Size: 46.57 kB
  11. libpath_utils-0.2.1-13.AXS4.i686.rpm
    MD5: 021a4aaa9440fe9320d40acba5c690cd
    SHA-256: 8f02e8281c55b8103cf218dd84e62853bab43cfd3cf1f3a2d7929edc8915931a
    Size: 24.01 kB
  12. libref_array-0.1.4-13.AXS4.i686.rpm
    MD5: b07322e5754a811e3046db4fc479465a
    SHA-256: 9cdc127fe3536e6d6a6bee1f436cbcb339d3878edb405509b77fdcbfe03fa7cd
    Size: 22.52 kB
  13. libipa_hbac-1.13.3-60.AXS4.x86_64.rpm
    MD5: 921e142e2ce478118c4ae0d4d0caaccf
    SHA-256: 85603ef90e78c507280b0d66464877af6776579042fa97162ee74537b28a0ea0
    Size: 117.66 kB
  14. libsss_idmap-1.13.3-60.AXS4.x86_64.rpm
    MD5: 5157285d10a30cbdcd6ff8984b791543
    SHA-256: 2d32cc052ac9ccd89482cb450a02591f99feb2ad647dcdf9c425dc9b2d38f5ac
    Size: 123.59 kB
  15. python-libipa_hbac-1.13.3-60.AXS4.x86_64.rpm
    MD5: 58238444fcd1d7690734680d69a371df
    SHA-256: 2d43928b1dfc36fedd5516a8c29852779b1a89ece4f3b238135572e60a1edd43
    Size: 112.41 kB
  16. python-sss-1.13.3-60.AXS4.x86_64.rpm
    MD5: e2aec63274f678c2da621cf541a6f3b1
    SHA-256: e3e89db4524c1b4bb390d40314d3fd961e47a7e8f7622b51f0e25bc1653966b3
    Size: 125.13 kB
  17. python-sssdconfig-1.13.3-60.AXS4.noarch.rpm
    MD5: 789d2360a61a91f8877dab05c891101a
    SHA-256: c196d7d806b7d7a776adb771cc19a0290367a4aee8a68abe8e06a6f5dc6ed7a1
    Size: 146.07 kB
  18. python-sss-murmur-1.13.3-60.AXS4.x86_64.rpm
    MD5: 6bdae59f48714ef017c53cc641f6f423
    SHA-256: 099a506cf7c291216c1454e805a59dadb22e3767851e7bb7c0e8e9d891c263c5
    Size: 102.64 kB
  19. sssd-1.13.3-60.AXS4.x86_64.rpm
    MD5: d749ede79dba0a36a105bd85fdd7f85e
    SHA-256: 521dcd0f7b211c566afc1813cc3e3c4895403d8ae9b23c07e783e47e8a5b73f9
    Size: 112.89 kB
  20. sssd-ad-1.13.3-60.AXS4.x86_64.rpm
    MD5: 9da5dccd01c0ca31a6f402a13cc3d3b1
    SHA-256: f622a079a4a426c9c97c1de0c313b887ab0ff7f01e8a9e7745fcc6b0e2393f04
    Size: 218.45 kB
  21. sssd-client-1.13.3-60.AXS4.x86_64.rpm
    MD5: 97ea504c3f2408bc0d87cf3b96886e44
    SHA-256: a82bfcb58828b3cee6957baca26acdfc52eb586a7b4ea8458485fdfae5a02f29
    Size: 169.68 kB
  22. sssd-common-1.13.3-60.AXS4.x86_64.rpm
    MD5: fb0f2caa56a28dc3351bf323ec2070ca
    SHA-256: 1e774dbd7287b013505e974a2c2f13b3e30b042504ed3654440c93058e98fd61
    Size: 1.08 MB
  23. sssd-common-pac-1.13.3-60.AXS4.x86_64.rpm
    MD5: 9c963819851f107faec7feb4d2f85a57
    SHA-256: bbb90097c6a1857cb457e59b1e0a1666d6a9739af7bf448140e5d6555b7acbb0
    Size: 152.52 kB
  24. sssd-dbus-1.13.3-60.AXS4.x86_64.rpm
    MD5: aaea68008415849867b417673801dc2b
    SHA-256: df6ec8459923851b3efedfe84bc567f4c2eb6a200782d2bda53ca23c641eb6a9
    Size: 166.66 kB
  25. sssd-ipa-1.13.3-60.AXS4.x86_64.rpm
    MD5: 71905a2049b3df8b564a3fb731672405
    SHA-256: bc1918127500033252447c06e6a1f7843cc2a1d05a04d3e2f3be90a342f9a9ed
    Size: 283.79 kB
  26. sssd-krb5-1.13.3-60.AXS4.x86_64.rpm
    MD5: 41aa9b5444e0fc2ea47bfcb88bd924ff
    SHA-256: 5cf2fdd3079c5dbd95b1e6121bb985cea81ff863fe0e67dd952bc736ee0a938a
    Size: 148.25 kB
  27. sssd-krb5-common-1.13.3-60.AXS4.x86_64.rpm
    MD5: 07ad927dc7d458d90684e8d02ca89150
    SHA-256: 44d6cf4c39092cc753b928d989d31b02cc4e62b3423da2cd9ea7c42577528127
    Size: 169.07 kB
  28. sssd-ldap-1.13.3-60.AXS4.x86_64.rpm
    MD5: 140ed8ea8942597341f0b4bd53b5200b
    SHA-256: 7ec4176784bd5fc6456462f1e95a5a4c9e6ccfdfbaef058cae233ee018586075
    Size: 214.37 kB
  29. sssd-proxy-1.13.3-60.AXS4.x86_64.rpm
    MD5: 7df261036ec6f243296c5d3f62893349
    SHA-256: b04356d1c849aa2ced9dc6ece6bc01a0359957692be3aaa009d9df3be7b283cf
    Size: 142.03 kB
  30. libipa_hbac-1.13.3-60.AXS4.i686.rpm
    MD5: 3c8a2122328fdfe2f264e942234be358
    SHA-256: 1a33e205fa4edcd3dab14b2ba7ee0e70773f9c239de9c0a7e65c25bd97529e67
    Size: 118.14 kB
  31. libsss_idmap-1.13.3-60.AXS4.i686.rpm
    MD5: 76403bf8ebd46715e076e1cba6b4059f
    SHA-256: 77a8be5e43155f677778aeab5db68873dec2621a5c225e921c4fb734385b38d0
    Size: 124.29 kB
  32. sssd-client-1.13.3-60.AXS4.i686.rpm
    MD5: b4c3befa51e4f8b0f134b1d4a5be2c35
    SHA-256: 2683047fadeb1ca25773e1b97e44c7ee57ed15382952605197a69466695411ad
    Size: 169.95 kB