Security update for sssd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:1477-1 Final 1 1 2019-06-12T13:06:28Z current 2019-06-12T13:06:28Z 2019-06-12T13:06:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sssd This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issue fixed: - Create directory to download and cache GPOs (bsc#1132879) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-1477,SUSE-SLE-DESKTOP-12-SP3-2019-1477,SUSE-SLE-SDK-12-SP3-2019-1477,SUSE-SLE-SERVER-12-SP3-2019-1477 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20191477-1/ Link for SUSE-SU-2019:1477-1 https://lists.suse.com/pipermail/sle-security-updates/2019-June/005550.html E-Mail link for SUSE-SU-2019:1477-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1124194 SUSE Bug 1124194 https://bugzilla.suse.com/1132879 SUSE Bug 1132879 https://www.suse.com/security/cve/CVE-2018-16838/ SUSE CVE CVE-2018-16838 page SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 libipa_hbac-devel-1.13.4-34.37.1 libipa_hbac0-1.13.4-34.37.1 libsss_idmap-devel-1.13.4-34.37.1 libsss_idmap0-1.13.4-34.37.1 libsss_nss_idmap-devel-1.13.4-34.37.1 libsss_nss_idmap0-1.13.4-34.37.1 libsss_sudo-1.13.4-34.37.1 python-ipa_hbac-1.13.4-34.37.1 python-sss_nss_idmap-1.13.4-34.37.1 python-sssd-config-1.13.4-34.37.1 sssd-1.13.4-34.37.1 sssd-32bit-1.13.4-34.37.1 sssd-64bit-1.13.4-34.37.1 sssd-ad-1.13.4-34.37.1 sssd-ipa-1.13.4-34.37.1 sssd-krb5-1.13.4-34.37.1 sssd-krb5-common-1.13.4-34.37.1 sssd-ldap-1.13.4-34.37.1 sssd-proxy-1.13.4-34.37.1 sssd-tools-1.13.4-34.37.1 libipa_hbac0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libsss_idmap0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libsss_nss_idmap0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libsss_sudo-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 python-sssd-config-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-ad-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-ipa-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-krb5-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-krb5-common-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-ldap-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-proxy-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 sssd-tools-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libipa_hbac0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 libsss_idmap0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 libsss_nss_idmap0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 libsss_sudo-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 python-sssd-config-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-ad-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-ipa-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-krb5-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-krb5-common-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-ldap-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-proxy-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 sssd-tools-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server 12 SP3 libipa_hbac0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libsss_idmap0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libsss_nss_idmap0-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libsss_sudo-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 python-sssd-config-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-ad-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-ipa-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-krb5-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-krb5-common-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-ldap-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-proxy-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 sssd-tools-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libipa_hbac-devel-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libsss_idmap-devel-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libsss_nss_idmap-devel-1.13.4-34.37.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. CVE-2018-16838 SUSE Linux Enterprise Desktop 12 SP3:libipa_hbac0-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:libsss_idmap0-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:libsss_nss_idmap0-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:libsss_sudo-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:python-sssd-config-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-ad-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-ipa-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-krb5-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-krb5-common-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-ldap-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-proxy-1.13.4-34.37.1 SUSE Linux Enterprise Desktop 12 SP3:sssd-tools-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:libipa_hbac0-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:libsss_idmap0-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:libsss_nss_idmap0-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:libsss_sudo-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:python-sssd-config-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-ad-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-ipa-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-krb5-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-krb5-common-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-ldap-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-proxy-1.13.4-34.37.1 SUSE Linux Enterprise Server 12 SP3:sssd-tools-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libipa_hbac0-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libsss_idmap0-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libsss_nss_idmap0-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libsss_sudo-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-sssd-config-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-ad-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-ipa-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-krb5-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-krb5-common-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-ldap-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-proxy-1.13.4-34.37.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:sssd-tools-1.13.4-34.37.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libipa_hbac-devel-1.13.4-34.37.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libsss_idmap-devel-1.13.4-34.37.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libsss_nss_idmap-devel-1.13.4-34.37.1 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191477-1/ https://www.suse.com/security/cve/CVE-2018-16838.html CVE-2018-16838 https://bugzilla.suse.com/1124194 SUSE Bug 1124194