Package "sssd-proxy"

Name: sssd-proxy


System Security Services Daemon -- proxy back end

Latest version: 1.16.1-1ubuntu1.8
Release: bionic (18.04)
Level: security
Repository: main
Head package: sssd
Homepage: https://pagure.io/SSSD/sssd/


Download "sssd-proxy"

Other versions of "sssd-proxy" in Bionic

Repository Area Version
base main 1.16.1-1ubuntu1
updates main 1.16.1-1ubuntu1.8


Version: 1.16.1-1ubuntu1.8 2021-09-08 13:06:37 UTC

  sssd (1.16.1-1ubuntu1.8) bionic-security; urgency=medium

  * SECURITY UPDATE: sudo rules read issue
    - debian/patches/CVE-2018-10852.patch: create the socket with stricter
      permissions in src/responder/sudo/sudosrv.c,
    - CVE-2018-10852
  * SECURITY UPDATE: permissions issue in GPO implementation
    - debian/patches/CVE-2018-16838.patch: add option
      ad_gpo_ignore_unreadable in src/config/cfg_rules.ini,
      src/man/sssd-ad.5.xml, src/providers/ad/ad_common.h,
      src/providers/ad/ad_gpo.c, src/providers/ad/ad_opts.c.
    - CVE-2018-16838
  * SECURITY UPDATE: sssd returns / for emtpy home directories
    - debian/patches/CVE-2019-3811.patch: return empty string in
      src/confdb/confdb.c, src/man/include/ad_modified_defaults.xml,
    - CVE-2019-3811
  * SECURITY UPDATE: shell command injection in sssctl comment
    - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
      avoid execution of user supplied command in
      src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
      src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
    - CVE-2021-3621

 -- Marc Deslauriers <email address hidden> Wed, 18 Aug 2021 08:31:06 -0400

Source diff to previous version
CVE-2018-10852 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can s
CVE-2018-16838 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the ser
CVE-2019-3811 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the
CVE-2021-3621 shell command injection in sssctl

Version: 1.16.1-1ubuntu1.7 2020-12-03 13:07:05 UTC

  sssd (1.16.1-1ubuntu1.7) bionic; urgency=medium

  * Enable support for "ad_use_ldaps" for new Active Directory
    requirement ADV190023 (LP: #1868703):
    - d/p/lp-1868703-01-sdap-inherit-SDAP_SASL_MECH-if-not-set-explicitly.patch
    - d/p/lp-1868703-02-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
    - d/p/lp-1868703-03-ad-add-ad_use_ldaps.patch
    - d/p/lp-1868703-04-ldap-add-new-option-ldap_sasl_maxssf.patch
    - d/p/lp-1868703-05-ad-set-min-and-max-ssf-for-ldaps.patch

 -- Matthew Ruffell <email address hidden> Tue, 10 Nov 2020 12:10:04 +1300

About   -   Send Feedback to @ubuntu_updates