Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-2355)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.122786

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2015-2355)

Zusammenfassung: The remote host is missing an update for the 'sssd' package(s) announced via the ELSA-2015-2355 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'sssd' package(s) announced via the ELSA-2015-2355 advisory.

Vulnerability Insight:
[1.13.0-40]
- Resolves: rhbz#1270827 - local overrides: don't contact server with
overridden name/id

[1.13.0-39]
- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step

[1.13.0-38]
- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.

[1.13.0-37]
- Resolves: rhbz#1267836 - PAM responder crashed if user was not set

[1.13.0-36]
- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on
uninitialised value

[1.13.0-35]
- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA
subdomain code

[1.13.0-34]
- Fix a Coverity warning in dyndns code
- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead
of processing other commands

[1.13.0-33]
- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead
of processing other commands

[1.13.0-32]
- Resolves: rhbz#1263735 - Could not resolve AD user from root domain

[1.13.0-31]
- Remove -d from sss_override manpage
- Related: rhbz#1259512 - sss_override : The local override user is not found

[1.13.0-30]
- Patches required for better handling of failover with one-way trusts
- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain
code

[1.13.0-29]
- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307
and ghost users

[1.13.0-28]
- Resolves: rhbz#1259512 - sss_override : The local override user is not found

[1.13.0-27]
- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code

[1.13.0-26]
- Resolves: rhbz#1256398 - sssd cannot resolve user names containing
backslash with ldap provider

[1.13.0-25]
- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug
but is not listed in the man page or in
the arguments help

[1.13.0-24]
- Resolves: rhbz#1254518 - Fix crash in nss responder

[1.13.0-23]
- Support import/export for local overrides
- Support FQDNs for local overrides
- Resolves: rhbz#1254184 - sss_override does not work correctly when
'use_fully_qualified_names = True'

[1.13.0-22]
- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to
other cache attributes

[1.13.0-21]
- Resolves: rhbz#1250415 - sssd: p11_child hardening

[1.13.0-20]
- Related: rhbz#1250135 - Detect re-established trusts in the IPA
subdomain code

[1.13.0-19]
- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC
identity certificates

[1.13.0-18]
- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected

[1.13.0-17]
- Fix wildcard_limit=0
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

[1.13.0-16]
- Fix race condition in invalidating the memory cache
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

[1.13.0-15]
- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo
enabled

[1.13.0-14]
- Bump release number
- Related: rhbz#1246489 - sss_obfuscate fails with 'ImportError: No module
named ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'sssd' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5292
1034038
http://www.securitytracker.com/id/1034038
77529
http://www.securityfocus.com/bid/77529
FEDORA-2015-202c127199
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html
FEDORA-2015-7b47df69d3
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html
FEDORA-2015-cdea5324a8
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html
RHSA-2015:2019
http://rhn.redhat.com/errata/RHSA-2015-2019.html
RHSA-2015:2355
http://rhn.redhat.com/errata/RHSA-2015-2355.html
[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1267580
https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
https://fedorahosted.org/sssd/ticket/2803
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.122786
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-2355)
Zusammenfassung:	The remote host is missing an update for the 'sssd' package(s) announced via the ELSA-2015-2355 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'sssd' package(s) announced via the ELSA-2015-2355 advisory. Vulnerability Insight: [1.13.0-40] - Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id [1.13.0-39] - Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step [1.13.0-38] - Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth. [1.13.0-37] - Resolves: rhbz#1267836 - PAM responder crashed if user was not set [1.13.0-36] - Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value [1.13.0-35] - Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code [1.13.0-34] - Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands [1.13.0-33] - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands [1.13.0-32] - Resolves: rhbz#1263735 - Could not resolve AD user from root domain [1.13.0-31] - Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found [1.13.0-30] - Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code [1.13.0-29] - Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users [1.13.0-28] - Resolves: rhbz#1259512 - sss_override : The local override user is not found [1.13.0-27] - Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code [1.13.0-26] - Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider [1.13.0-25] - Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help [1.13.0-24] - Resolves: rhbz#1254518 - Fix crash in nss responder [1.13.0-23] - Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True' [1.13.0-22] - Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes [1.13.0-21] - Resolves: rhbz#1250415 - sssd: p11_child hardening [1.13.0-20] - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code [1.13.0-19] - Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates [1.13.0-18] - Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected [1.13.0-17] - Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface [1.13.0-16] - Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups [1.13.0-15] - Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled [1.13.0-14] - Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with 'ImportError: No module named ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'sssd' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5292 1034038 http://www.securitytracker.com/id/1034038 77529 http://www.securityfocus.com/bid/77529 FEDORA-2015-202c127199 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html FEDORA-2015-7b47df69d3 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html FEDORA-2015-cdea5324a8 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html RHSA-2015:2019 http://rhn.redhat.com/errata/RHSA-2015-2019.html RHSA-2015:2355 http://rhn.redhat.com/errata/RHSA-2015-2355.html [sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292) http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1267580 https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch https://fedorahosted.org/sssd/ticket/2803 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
Copyright	Copyright (C) 2015 Greenbone AG