Test ID: | 1.3.6.1.4.1.25623.1.0.871488 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for sssd RHSA-2015:2355-01 |
Summary: | The remote host is missing an update for the 'sssd' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'sssd' package(s) announced via the referenced advisory.

Vulnerability Insight: The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms.

It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in. (CVE-2015-5292)

The sssd packages have been upgraded to upstream version 1.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1205554)

Several enhancements are described in the Red Hat Enterprise Linux 7.2 Release Notes, linked to in the References section:

* SSSD smart card support (BZ#854396)
* Cache authentication in SSSD (BZ#910187)
* SSSD supports overriding automatically discovered AD site (BZ#1163806)
* SSSD can now deny SSH access to locked accounts (BZ#1175760)
* SSSD enables UID and GID mapping on individual clients (BZ#1183747)
* Background refresh of cached entries (BZ#1199533)
* Multi-step prompting for one-time and long-term passwords (BZ#1200873)
* Caching for initgroups operations (BZ#1206575)

Bugs fixed:

* When the SELinux user content on an IdM server was set to an empty string, the SSSD SELinux evaluation utility returned an error. (BZ#1192314)
* If the ldap_child process failed to initialize credentials and exited with an error multiple times, operations that create files in some cases started failing due to an insufficient amount of i-nodes. (BZ#1198477)
* The SRV queries used a hard coded TTL timeout, and environments that wanted the SRV queries to be valid for a certain time only were blocked. Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541)
* Previously, initgroups operation took an excessive amount of time. Now, logins and ID processing are faster for setups with AD back end and disabled ID mapping. (BZ#1201840)
* When an IdM client with Red Hat Enterprise Linux 7.1 or later was connecting to a server with Red Hat Enterprise Linux 7.0 or earlier, authentication with an AD trusted domain caused the sssd_be process to terminate unexpectedly. (BZ#1202170)
* If replication conflict entries appeared during HBAC processing, the user was denied access. Now, the replication conflict entries are skipped and users are permitted access. (BZ#1202245)
* The array of SIDs no longer contains an uninitialized value and SSSD no longer crashes. (BZ#1204203)
* SSSD supports GPOs from diffe ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: sssd on Red Hat Enterprise Linux Server (v. 7)

Solution: Please Install the Updated Packages.

CVSS Score: 6.8
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5292
1034038 http://www.securitytracker.com/id/1034038
77529 http://www.securityfocus.com/bid/77529
FEDORA-2015-202c127199 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html
FEDORA-2015-7b47df69d3 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html
FEDORA-2015-cdea5324a8 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html
RHSA-2015:2019 http://rhn.redhat.com/errata/RHSA-2015-2019.html
RHSA-2015:2355 http://rhn.redhat.com/errata/RHSA-2015-2355.html
[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292) http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1267580
https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
https://fedorahosted.org/sssd/ticket/2803
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1 |
Copyright | Copyright (C) 2015 Greenbone AG |