Scientific Linux alert SL-sssd-20110721 (sssd)

From:  Troy Dawson <dawson@fnal.gov>
To:  "scientific-linux-errata@fnal.gov" <scientific-linux-errata@fnal.gov>
Subject:  Security ERRATA Low: sssd on SL5.x i386/x86_64
Date:  Tue, 23 Aug 2011 12:21:01 -0500
Message-ID:  <4E53E17D.6060908@fnal.gov>

Synopsis: Low: sssd security, bug fix, and enhancement update
Issue Date: 2011-07-21
CVE Numbers: CVE-2010-4341

The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local attacker to force SSSD to enter an infinite loop via a carefully-crafted packet. With SSSD unresponsive, legitimate users could be denied the ability to log in to the system. (CVE-2010-4341)

These updated sssd packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory.

All sssd users are advised to upgrade to these updated sssd packages, which upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the bugs and add the enhancements noted in the Technical Notes.

SL5:
  i386
    sssd-1.5.1-37.el5.i386.rpm
    sssd-client-1.5.1-37.el5.i386.rpm
    sssd-tools-1.5.1-37.el5.i386.rpm
  Dependencies:
    c-ares-1.6.0-5.el5.i386.rpm
    c-ares-devel-1.6.0-5.el5.i386.rpm
    libcollection-0.6.0-10.el5.i386.rpm
    libcollection-devel-0.6.0-10.el5.i386.rpm
    libdhash-0.4.2-10.el5.i386.rpm
    libdhash-devel-0.4.2-10.el5.i386.rpm
    libini_config-0.6.1-10.el5.i386.rpm
    libini_config-devel-0.6.1-10.el5.i386.rpm
    libldb-0.9.10-33.el5.i386.rpm
    libldb-devel-0.9.10-33.el5.i386.rpm
    libpath_utils-0.2.1-10.el5.i386.rpm
    libpath_utils-devel-0.2.1-10.el5.i386.rpm
    libref_array-0.1.1-10.el5.i386.rpm
    libref_array-devel-0.1.1-10.el5.i386.rpm
    libtevent-0.9.8-10.el5.i386.rpm
    libtevent-devel-0.9.8-10.el5.i386.rpm
    openldap24-libs-2.4.23-5.el5.i386.rpm
    openldap24-libs-devel-2.4.23-5.el5.i386.rpm

  x86_64
    sssd-1.5.1-37.el5.x86_64.rpm
    sssd-client-1.5.1-37.el5.i386.rpm
    sssd-client-1.5.1-37.el5.x86_64.rpm
    sssd-tools-1.5.1-37.el5.x86_64.rpm
  Dependencies:
    c-ares-1.6.0-5.el5.i386.rpm
    c-ares-1.6.0-5.el5.x86_64.rpm
    c-ares-devel-1.6.0-5.el5.i386.rpm
    c-ares-devel-1.6.0-5.el5.x86_64.rpm
    libcollection-0.6.0-10.el5.i386.rpm
    libcollection-0.6.0-10.el5.x86_64.rpm
    libcollection-devel-0.6.0-10.el5.i386.rpm
    libcollection-devel-0.6.0-10.el5.x86_64.rpm
    libdhash-0.4.2-10.el5.i386.rpm
    libdhash-0.4.2-10.el5.x86_64.rpm
    libdhash-devel-0.4.2-10.el5.i386.rpm
    libdhash-devel-0.4.2-10.el5.x86_64.rpm
    libini_config-0.6.1-10.el5.i386.rpm
    libini_config-0.6.1-10.el5.x86_64.rpm
    libini_config-devel-0.6.1-10.el5.i386.rpm
    libini_config-devel-0.6.1-10.el5.x86_64.rpm
    libldb-0.9.10-33.el5.i386.rpm
    libldb-0.9.10-33.el5.x86_64.rpm
    libldb-devel-0.9.10-33.el5.i386.rpm
    libldb-devel-0.9.10-33.el5.x86_64.rpm
    libpath_utils-0.2.1-10.el5.i386.rpm
    libpath_utils-0.2.1-10.el5.x86_64.rpm
    libpath_utils-devel-0.2.1-10.el5.i386.rpm
    libpath_utils-devel-0.2.1-10.el5.x86_64.rpm
    libref_array-0.1.1-10.el5.i386.rpm
    libref_array-0.1.1-10.el5.x86_64.rpm
    libref_array-devel-0.1.1-10.el5.i386.rpm
    libref_array-devel-0.1.1-10.el5.x86_64.rpm
    libtevent-0.9.8-10.el5.i386.rpm
    libtevent-0.9.8-10.el5.x86_64.rpm
    libtevent-devel-0.9.8-10.el5.i386.rpm
    libtevent-devel-0.9.8-10.el5.x86_64.rpm
    openldap24-libs-2.4.23-5.el5.x86_64.rpm
    openldap24-libs-devel-2.4.23-5.el5.x86_64.rpm

- Scientific Linux Development Team

