Security update for sssd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:1480-1 Final 1 1 2019-06-12T14:53:18Z current 2019-06-12T14:53:18Z 2019-06-12T14:53:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sssd This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194) Non-security issues fixed: - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-1480,SUSE-SLE-DESKTOP-12-SP4-2019-1480,SUSE-SLE-SDK-12-SP4-2019-1480,SUSE-SLE-SERVER-12-SP4-2019-1480 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20191480-1/ Link for SUSE-SU-2019:1480-1 https://lists.suse.com/pipermail/sle-security-updates/2019-June/005552.html E-Mail link for SUSE-SU-2019:1480-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1124194 SUSE Bug 1124194 https://bugzilla.suse.com/1132657 SUSE Bug 1132657 https://bugzilla.suse.com/1132879 SUSE Bug 1132879 https://bugzilla.suse.com/1135247 SUSE Bug 1135247 https://www.suse.com/security/cve/CVE-2018-16838/ SUSE CVE CVE-2018-16838 page SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 libipa_hbac-devel-1.16.1-4.12.2 libipa_hbac0-1.16.1-4.12.2 libnfsidmap-sss-1.16.1-4.12.2 libsss_certmap-devel-1.16.1-4.12.2 libsss_certmap0-1.16.1-4.12.2 libsss_idmap-devel-1.16.1-4.12.2 libsss_idmap0-1.16.1-4.12.2 libsss_nss_idmap-devel-1.16.1-4.12.2 libsss_nss_idmap0-1.16.1-4.12.2 libsss_simpleifp-devel-1.16.1-4.12.2 libsss_simpleifp0-1.16.1-4.12.2 python-ipa_hbac-1.16.1-4.12.2 python-sss-murmur-1.16.1-4.12.2 python-sss_nss_idmap-1.16.1-4.12.2 python-sssd-config-1.16.1-4.12.2 sssd-1.16.1-4.12.2 sssd-32bit-1.16.1-4.12.2 sssd-64bit-1.16.1-4.12.2 sssd-ad-1.16.1-4.12.2 sssd-dbus-1.16.1-4.12.2 sssd-ipa-1.16.1-4.12.2 sssd-krb5-1.16.1-4.12.2 sssd-krb5-common-1.16.1-4.12.2 sssd-ldap-1.16.1-4.12.2 sssd-proxy-1.16.1-4.12.2 sssd-tools-1.16.1-4.12.2 libipa_hbac0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 libsss_certmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 libsss_idmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 libsss_nss_idmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 libsss_simpleifp0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 python-sssd-config-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-32bit-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-ad-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-ipa-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-krb5-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-krb5-common-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-ldap-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-proxy-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 sssd-tools-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Desktop 12 SP4 libipa_hbac0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 libsss_certmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 libsss_idmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 libsss_nss_idmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 libsss_simpleifp0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 python-sssd-config-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-32bit-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-ad-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-ipa-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-krb5-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-krb5-common-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-ldap-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-proxy-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 sssd-tools-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server 12 SP4 libipa_hbac0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libsss_certmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libsss_idmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libsss_nss_idmap0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libsss_simpleifp0-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 python-sssd-config-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-32bit-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-ad-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-ipa-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-krb5-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-krb5-common-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-ldap-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-proxy-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 sssd-tools-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libipa_hbac-devel-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libsss_idmap-devel-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libsss_nss_idmap-devel-1.16.1-4.12.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. CVE-2018-16838 SUSE Linux Enterprise Desktop 12 SP4:libipa_hbac0-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:libsss_certmap0-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:libsss_idmap0-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:libsss_nss_idmap0-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:libsss_simpleifp0-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:python-sssd-config-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-32bit-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-ad-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-ipa-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-krb5-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-krb5-common-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-ldap-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-proxy-1.16.1-4.12.2 SUSE Linux Enterprise Desktop 12 SP4:sssd-tools-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:libipa_hbac0-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:libsss_certmap0-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:libsss_idmap0-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:libsss_nss_idmap0-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:libsss_simpleifp0-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:python-sssd-config-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-32bit-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-ad-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-ipa-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-krb5-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-krb5-common-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-ldap-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-proxy-1.16.1-4.12.2 SUSE Linux Enterprise Server 12 SP4:sssd-tools-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libipa_hbac0-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsss_certmap0-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsss_idmap0-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsss_nss_idmap0-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsss_simpleifp0-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-sssd-config-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-32bit-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-ad-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-ipa-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-krb5-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-krb5-common-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-ldap-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-proxy-1.16.1-4.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP4:sssd-tools-1.16.1-4.12.2 SUSE Linux Enterprise Software Development Kit 12 SP4:libipa_hbac-devel-1.16.1-4.12.2 SUSE Linux Enterprise Software Development Kit 12 SP4:libsss_idmap-devel-1.16.1-4.12.2 SUSE Linux Enterprise Software Development Kit 12 SP4:libsss_nss_idmap-devel-1.16.1-4.12.2 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191480-1/ https://www.suse.com/security/cve/CVE-2018-16838.html CVE-2018-16838 https://bugzilla.suse.com/1124194 SUSE Bug 1124194