Package "sssd-ldap"

Name: sssd-ldap


System Security Services Daemon -- LDAP back end

Latest version: 1.16.1-1ubuntu1.8
Release: bionic (18.04)
Level: updates
Repository: main
Head package: sssd
Homepage: https://pagure.io/SSSD/sssd/


Download "sssd-ldap"

Other versions of "sssd-ldap" in Bionic

Repository Area Version
base main 1.16.1-1ubuntu1
security main 1.16.1-1ubuntu1.8


Version: 1.16.1-1ubuntu1.8 2021-09-08 15:06:17 UTC

  sssd (1.16.1-1ubuntu1.8) bionic-security; urgency=medium

  * SECURITY UPDATE: sudo rules read issue
    - debian/patches/CVE-2018-10852.patch: create the socket with stricter
      permissions in src/responder/sudo/sudosrv.c,
    - CVE-2018-10852
  * SECURITY UPDATE: permissions issue in GPO implementation
    - debian/patches/CVE-2018-16838.patch: add option
      ad_gpo_ignore_unreadable in src/config/cfg_rules.ini,
      src/man/sssd-ad.5.xml, src/providers/ad/ad_common.h,
      src/providers/ad/ad_gpo.c, src/providers/ad/ad_opts.c.
    - CVE-2018-16838
  * SECURITY UPDATE: sssd returns / for emtpy home directories
    - debian/patches/CVE-2019-3811.patch: return empty string in
      src/confdb/confdb.c, src/man/include/ad_modified_defaults.xml,
    - CVE-2019-3811
  * SECURITY UPDATE: shell command injection in sssctl comment
    - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
      avoid execution of user supplied command in
      src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
      src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
    - CVE-2021-3621

 -- Marc Deslauriers <email address hidden> Wed, 18 Aug 2021 08:31:06 -0400

Source diff to previous version
CVE-2018-10852 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can s
CVE-2018-16838 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the ser
CVE-2019-3811 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the
CVE-2021-3621 shell command injection in sssctl

Version: 1.16.1-1ubuntu1.7 2020-12-01 19:06:26 UTC

  sssd (1.16.1-1ubuntu1.7) bionic; urgency=medium

  * Enable support for "ad_use_ldaps" for new Active Directory
    requirement ADV190023 (LP: #1868703):
    - d/p/lp-1868703-01-sdap-inherit-SDAP_SASL_MECH-if-not-set-explicitly.patch
    - d/p/lp-1868703-02-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
    - d/p/lp-1868703-03-ad-add-ad_use_ldaps.patch
    - d/p/lp-1868703-04-ldap-add-new-option-ldap_sasl_maxssf.patch
    - d/p/lp-1868703-05-ad-set-min-and-max-ssf-for-ldaps.patch

 -- Matthew Ruffell <email address hidden> Tue, 10 Nov 2020 12:10:04 +1300

Source diff to previous version

Version: 1.16.1-1ubuntu1.6 2020-06-09 14:07:18 UTC

  sssd (1.16.1-1ubuntu1.6) bionic; urgency=medium

  * d/p/monitor-propagate-error.patch,
    d/p/monitor-resolve-symlinks.patch: correctly monitor the
    /etc/resolv.conf symlink when its target changes from a non-existent
    file to one that exists (LP: #1723350)

 -- Andreas Hasenack <email address hidden> Mon, 11 May 2020 17:42:04 -0300

Source diff to previous version
1723350 sssd offline on boot, stays offline forever

Version: 1.16.1-1ubuntu1.5 2020-03-16 20:06:23 UTC

  sssd (1.16.1-1ubuntu1.5) bionic; urgency=medium

  * d/control: sssd-tools: Add missing python-sss dependency. (LP: #1862226)

 -- Dan Hill <email address hidden> Wed, 19 Feb 2020 16:17:19 -0700

Source diff to previous version
1862226 /usr/sbin/sss_obfuscate fails to run: ImportError: No module named pysss

Version: 1.16.1-1ubuntu1.4 2019-09-11 17:06:42 UTC
No changelog available yet.

About   -   Send Feedback to @ubuntu_updates