libipa_hbac-devel-1.14.2-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10427 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libipa_hbac-devel-1.14.2-3.1 on GA media These are all security issues fixed in the libipa_hbac-devel-1.14.2-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10427 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10427 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-4341/ SUSE CVE CVE-2010-4341 page https://www.suse.com/security/cve/CVE-2011-1758/ SUSE CVE CVE-2011-1758 page https://www.suse.com/security/cve/CVE-2013-0219/ SUSE CVE CVE-2013-0219 page https://www.suse.com/security/cve/CVE-2013-0220/ SUSE CVE CVE-2013-0220 page https://www.suse.com/security/cve/CVE-2013-0287/ SUSE CVE CVE-2013-0287 page https://www.suse.com/security/cve/CVE-2014-0249/ SUSE CVE CVE-2014-0249 page openSUSE Tumbleweed libipa_hbac-devel-1.14.2-3.1 libipa_hbac0-1.14.2-3.1 libnfsidmap-sss-1.14.2-3.1 libsss_idmap-devel-1.14.2-3.1 libsss_idmap0-1.14.2-3.1 libsss_nss_idmap-devel-1.14.2-3.1 libsss_nss_idmap0-1.14.2-3.1 libsss_simpleifp-devel-1.14.2-3.1 libsss_simpleifp0-1.14.2-3.1 python-ipa_hbac-1.14.2-3.1 python-sss-murmur-1.14.2-3.1 python-sss_nss_idmap-1.14.2-3.1 python-sssd-config-1.14.2-3.1 python3-ipa_hbac-1.14.2-3.1 python3-sss-murmur-1.14.2-3.1 python3-sss_nss_idmap-1.14.2-3.1 python3-sssd-config-1.14.2-3.1 sssd-1.14.2-3.1 sssd-32bit-1.14.2-3.1 sssd-ad-1.14.2-3.1 sssd-dbus-1.14.2-3.1 sssd-ipa-1.14.2-3.1 sssd-krb5-1.14.2-3.1 sssd-krb5-common-1.14.2-3.1 sssd-ldap-1.14.2-3.1 sssd-proxy-1.14.2-3.1 sssd-tools-1.14.2-3.1 sssd-wbclient-1.14.2-3.1 sssd-wbclient-devel-1.14.2-3.1 sssd-winbind-idmap-1.14.2-3.1 libipa_hbac-devel-1.14.2-3.1 as a component of openSUSE Tumbleweed libipa_hbac0-1.14.2-3.1 as a component of openSUSE Tumbleweed libnfsidmap-sss-1.14.2-3.1 as a component of openSUSE Tumbleweed libsss_idmap-devel-1.14.2-3.1 as a component of openSUSE Tumbleweed libsss_idmap0-1.14.2-3.1 as a component of openSUSE Tumbleweed libsss_nss_idmap-devel-1.14.2-3.1 as a component of openSUSE Tumbleweed libsss_nss_idmap0-1.14.2-3.1 as a component of openSUSE Tumbleweed libsss_simpleifp-devel-1.14.2-3.1 as a component of openSUSE Tumbleweed libsss_simpleifp0-1.14.2-3.1 as a component of openSUSE Tumbleweed python-ipa_hbac-1.14.2-3.1 as a component of openSUSE Tumbleweed python-sss-murmur-1.14.2-3.1 as a component of openSUSE Tumbleweed python-sss_nss_idmap-1.14.2-3.1 as a component of openSUSE Tumbleweed python-sssd-config-1.14.2-3.1 as a component of openSUSE Tumbleweed python3-ipa_hbac-1.14.2-3.1 as a component of openSUSE Tumbleweed python3-sss-murmur-1.14.2-3.1 as a component of openSUSE Tumbleweed python3-sss_nss_idmap-1.14.2-3.1 as a component of openSUSE Tumbleweed python3-sssd-config-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-32bit-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-ad-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-dbus-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-ipa-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-krb5-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-krb5-common-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-ldap-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-proxy-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-tools-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-wbclient-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-wbclient-devel-1.14.2-3.1 as a component of openSUSE Tumbleweed sssd-winbind-idmap-1.14.2-3.1 as a component of openSUSE Tumbleweed The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. CVE-2010-4341 openSUSE Tumbleweed:libipa_hbac-devel-1.14.2-3.1 openSUSE Tumbleweed:libipa_hbac0-1.14.2-3.1 openSUSE Tumbleweed:libnfsidmap-sss-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp0-1.14.2-3.1 openSUSE Tumbleweed:python-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:python3-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python3-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python3-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python3-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:sssd-1.14.2-3.1 openSUSE Tumbleweed:sssd-32bit-1.14.2-3.1 openSUSE Tumbleweed:sssd-ad-1.14.2-3.1 openSUSE Tumbleweed:sssd-dbus-1.14.2-3.1 openSUSE Tumbleweed:sssd-ipa-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-common-1.14.2-3.1 openSUSE Tumbleweed:sssd-ldap-1.14.2-3.1 openSUSE Tumbleweed:sssd-proxy-1.14.2-3.1 openSUSE Tumbleweed:sssd-tools-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-devel-1.14.2-3.1 openSUSE Tumbleweed:sssd-winbind-idmap-1.14.2-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4341.html CVE-2010-4341 https://bugzilla.suse.com/660481 SUSE Bug 660481 The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. CVE-2011-1758 openSUSE Tumbleweed:libipa_hbac-devel-1.14.2-3.1 openSUSE Tumbleweed:libipa_hbac0-1.14.2-3.1 openSUSE Tumbleweed:libnfsidmap-sss-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp0-1.14.2-3.1 openSUSE Tumbleweed:python-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:python3-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python3-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python3-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python3-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:sssd-1.14.2-3.1 openSUSE Tumbleweed:sssd-32bit-1.14.2-3.1 openSUSE Tumbleweed:sssd-ad-1.14.2-3.1 openSUSE Tumbleweed:sssd-dbus-1.14.2-3.1 openSUSE Tumbleweed:sssd-ipa-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-common-1.14.2-3.1 openSUSE Tumbleweed:sssd-ldap-1.14.2-3.1 openSUSE Tumbleweed:sssd-proxy-1.14.2-3.1 openSUSE Tumbleweed:sssd-tools-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-devel-1.14.2-3.1 openSUSE Tumbleweed:sssd-winbind-idmap-1.14.2-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1758.html CVE-2011-1758 https://bugzilla.suse.com/691135 SUSE Bug 691135 System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. CVE-2013-0219 openSUSE Tumbleweed:libipa_hbac-devel-1.14.2-3.1 openSUSE Tumbleweed:libipa_hbac0-1.14.2-3.1 openSUSE Tumbleweed:libnfsidmap-sss-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp0-1.14.2-3.1 openSUSE Tumbleweed:python-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:python3-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python3-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python3-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python3-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:sssd-1.14.2-3.1 openSUSE Tumbleweed:sssd-32bit-1.14.2-3.1 openSUSE Tumbleweed:sssd-ad-1.14.2-3.1 openSUSE Tumbleweed:sssd-dbus-1.14.2-3.1 openSUSE Tumbleweed:sssd-ipa-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-common-1.14.2-3.1 openSUSE Tumbleweed:sssd-ldap-1.14.2-3.1 openSUSE Tumbleweed:sssd-proxy-1.14.2-3.1 openSUSE Tumbleweed:sssd-tools-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-devel-1.14.2-3.1 openSUSE Tumbleweed:sssd-winbind-idmap-1.14.2-3.1 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0219.html CVE-2013-0219 https://bugzilla.suse.com/801036 SUSE Bug 801036 The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. CVE-2013-0220 openSUSE Tumbleweed:libipa_hbac-devel-1.14.2-3.1 openSUSE Tumbleweed:libipa_hbac0-1.14.2-3.1 openSUSE Tumbleweed:libnfsidmap-sss-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp0-1.14.2-3.1 openSUSE Tumbleweed:python-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:python3-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python3-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python3-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python3-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:sssd-1.14.2-3.1 openSUSE Tumbleweed:sssd-32bit-1.14.2-3.1 openSUSE Tumbleweed:sssd-ad-1.14.2-3.1 openSUSE Tumbleweed:sssd-dbus-1.14.2-3.1 openSUSE Tumbleweed:sssd-ipa-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-common-1.14.2-3.1 openSUSE Tumbleweed:sssd-ldap-1.14.2-3.1 openSUSE Tumbleweed:sssd-proxy-1.14.2-3.1 openSUSE Tumbleweed:sssd-tools-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-devel-1.14.2-3.1 openSUSE Tumbleweed:sssd-winbind-idmap-1.14.2-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0220.html CVE-2013-0220 https://bugzilla.suse.com/801036 SUSE Bug 801036 The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. CVE-2013-0287 openSUSE Tumbleweed:libipa_hbac-devel-1.14.2-3.1 openSUSE Tumbleweed:libipa_hbac0-1.14.2-3.1 openSUSE Tumbleweed:libnfsidmap-sss-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp0-1.14.2-3.1 openSUSE Tumbleweed:python-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:python3-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python3-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python3-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python3-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:sssd-1.14.2-3.1 openSUSE Tumbleweed:sssd-32bit-1.14.2-3.1 openSUSE Tumbleweed:sssd-ad-1.14.2-3.1 openSUSE Tumbleweed:sssd-dbus-1.14.2-3.1 openSUSE Tumbleweed:sssd-ipa-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-common-1.14.2-3.1 openSUSE Tumbleweed:sssd-ldap-1.14.2-3.1 openSUSE Tumbleweed:sssd-proxy-1.14.2-3.1 openSUSE Tumbleweed:sssd-tools-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-devel-1.14.2-3.1 openSUSE Tumbleweed:sssd-winbind-idmap-1.14.2-3.1 moderate 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0287.html CVE-2013-0287 https://bugzilla.suse.com/809153 SUSE Bug 809153 The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. CVE-2014-0249 openSUSE Tumbleweed:libipa_hbac-devel-1.14.2-3.1 openSUSE Tumbleweed:libipa_hbac0-1.14.2-3.1 openSUSE Tumbleweed:libnfsidmap-sss-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_nss_idmap0-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp-devel-1.14.2-3.1 openSUSE Tumbleweed:libsss_simpleifp0-1.14.2-3.1 openSUSE Tumbleweed:python-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:python3-ipa_hbac-1.14.2-3.1 openSUSE Tumbleweed:python3-sss-murmur-1.14.2-3.1 openSUSE Tumbleweed:python3-sss_nss_idmap-1.14.2-3.1 openSUSE Tumbleweed:python3-sssd-config-1.14.2-3.1 openSUSE Tumbleweed:sssd-1.14.2-3.1 openSUSE Tumbleweed:sssd-32bit-1.14.2-3.1 openSUSE Tumbleweed:sssd-ad-1.14.2-3.1 openSUSE Tumbleweed:sssd-dbus-1.14.2-3.1 openSUSE Tumbleweed:sssd-ipa-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-1.14.2-3.1 openSUSE Tumbleweed:sssd-krb5-common-1.14.2-3.1 openSUSE Tumbleweed:sssd-ldap-1.14.2-3.1 openSUSE Tumbleweed:sssd-proxy-1.14.2-3.1 openSUSE Tumbleweed:sssd-tools-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-1.14.2-3.1 openSUSE Tumbleweed:sssd-wbclient-devel-1.14.2-3.1 openSUSE Tumbleweed:sssd-winbind-idmap-1.14.2-3.1 moderate 2.4 AV:L/AC:H/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0249.html CVE-2014-0249 https://bugzilla.suse.com/880245 SUSE Bug 880245