Mailinglist Archive: opensuse-updates (114 mails)

< Previous Next >
openSUSE-SU-2014:1407-1: moderate: sssd: security and bugfix update to 1.12.2
openSUSE Security Update: sssd: security and bugfix update to 1.12.2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1407-1
Rating: moderate
References: #900159
Cross-References: CVE-2014-0249
Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


sssd was updated to new upstream release 1.12.2 (bugfix release,
bnc#900159)

Changes:
* Fixed a regression where the IPA provider did not fetch User Private
Groups correctly
* An important bug in the GPO access control which resulted in a wrong
principal being used, was fixed.
* Several new options are available for deployments that need to restrict
a certain PAM service from connecting to a certain SSSD domain. For more
details, see the description of pam_trusted_users and pam_public_domains
options in the sssd.conf(5) man page and the domains option in the
pam_sss(8) man page.
* When SSSD is acting as an IPA client in setup with trusted AD domains,
it is able to return group members or full group memberships for users
from trusted AD domains.
* Support for the "views" feature of IPA.

* The GPO access control was further enhanced to allow the access control
decisions while offline and map the Windows logon rights onto Linux PAM
services.
* The SSSD now ships a plugin for the rpc.idmapd daemon, sss_rpcidmapd(5).
* A MIT Kerberos localauth plugin was added to SSSD. This plugin helps
translating principals to user names in IPA-AD trust scenarios, allowing
the krb5.conf configuration to be less complex.
* A libwbclient plugin implementation is now part of the SSSD. The main
purpose is to map Active Directory users and groups identified by their
SID to POSIX users and groups for the file-server use-case.
* Active Directory users ca nnow use their User Logon Name to log in.
* The sss_cache tool was enhanced to allow invalidating the SSH host keys.
* Groups without full POSIX information can now be used to enroll group
membership (CVE-2014-0249).
* Detection of transition from offline to online state was improved,
resulting in fewer timeouts when SSSD is offline.
* The Active Directory provider now correctly detects Windows Server 2012
R2. Previous versions would fall back to the slower non-AD path with
2012 R2.
* Several other bugs related to deployments where SSSD is acting as an AD
client were fixed.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2014-658

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

libipa_hbac-devel-1.12.2-3.4.1
libipa_hbac0-1.12.2-3.4.1
libipa_hbac0-debuginfo-1.12.2-3.4.1
libnfsidmap-sss-1.12.2-3.4.1
libnfsidmap-sss-debuginfo-1.12.2-3.4.1
libsss_idmap-devel-1.12.2-3.4.1
libsss_idmap0-1.12.2-3.4.1
libsss_idmap0-debuginfo-1.12.2-3.4.1
libsss_nss_idmap-devel-1.12.2-3.4.1
libsss_nss_idmap0-1.12.2-3.4.1
libsss_nss_idmap0-debuginfo-1.12.2-3.4.1
libsss_simpleifp-devel-1.12.2-3.4.1
libsss_simpleifp0-1.12.2-3.4.1
libsss_simpleifp0-debuginfo-1.12.2-3.4.1
libsss_sudo-1.12.2-3.4.1
libsss_sudo-debuginfo-1.12.2-3.4.1
python-ipa_hbac-1.12.2-3.4.1
python-ipa_hbac-debuginfo-1.12.2-3.4.1
python-sss_nss_idmap-1.12.2-3.4.1
python-sss_nss_idmap-debuginfo-1.12.2-3.4.1
python-sssd-config-1.12.2-3.4.1
python-sssd-config-debuginfo-1.12.2-3.4.1
sssd-1.12.2-3.4.1
sssd-ad-1.12.2-3.4.1
sssd-ad-debuginfo-1.12.2-3.4.1
sssd-dbus-1.12.2-3.4.1
sssd-dbus-debuginfo-1.12.2-3.4.1
sssd-debuginfo-1.12.2-3.4.1
sssd-debugsource-1.12.2-3.4.1
sssd-ipa-1.12.2-3.4.1
sssd-ipa-debuginfo-1.12.2-3.4.1
sssd-krb5-1.12.2-3.4.1
sssd-krb5-common-1.12.2-3.4.1
sssd-krb5-common-debuginfo-1.12.2-3.4.1
sssd-krb5-debuginfo-1.12.2-3.4.1
sssd-ldap-1.12.2-3.4.1
sssd-ldap-debuginfo-1.12.2-3.4.1
sssd-proxy-1.12.2-3.4.1
sssd-proxy-debuginfo-1.12.2-3.4.1
sssd-tools-1.12.2-3.4.1
sssd-tools-debuginfo-1.12.2-3.4.1
sssd-wbclient-1.12.2-3.4.1
sssd-wbclient-debuginfo-1.12.2-3.4.1
sssd-wbclient-devel-1.12.2-3.4.1

- openSUSE 13.2 (x86_64):

sssd-32bit-1.12.2-3.4.1
sssd-debuginfo-32bit-1.12.2-3.4.1


References:

http://support.novell.com/security/cve/CVE-2014-0249.html
https://bugzilla.suse.com/show_bug.cgi?id=900159


< Previous Next >
This Thread
  • No further messages