libipa_hbac-devel-2.5.2-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11408 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libipa_hbac-devel-2.5.2-1.4 on GA media These are all security issues fixed in the libipa_hbac-devel-2.5.2-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11408 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11408 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-12173/ SUSE CVE CVE-2017-12173 page https://www.suse.com/security/cve/CVE-2018-10852/ SUSE CVE CVE-2018-10852 page openSUSE Tumbleweed libipa_hbac-devel-2.5.2-1.4 libipa_hbac0-2.5.2-1.4 libnfsidmap-sss-2.5.2-1.4 libsss_certmap-devel-2.5.2-1.4 libsss_certmap0-2.5.2-1.4 libsss_idmap-devel-2.5.2-1.4 libsss_idmap0-2.5.2-1.4 libsss_nss_idmap-devel-2.5.2-1.4 libsss_nss_idmap0-2.5.2-1.4 libsss_simpleifp-devel-2.5.2-1.4 libsss_simpleifp0-2.5.2-1.4 python3-ipa_hbac-2.5.2-1.4 python3-sss-murmur-2.5.2-1.4 python3-sss_nss_idmap-2.5.2-1.4 python3-sssd-config-2.5.2-1.4 sssd-2.5.2-1.4 sssd-32bit-2.5.2-1.4 sssd-ad-2.5.2-1.4 sssd-dbus-2.5.2-1.4 sssd-ipa-2.5.2-1.4 sssd-kcm-2.5.2-1.4 sssd-krb5-2.5.2-1.4 sssd-krb5-common-2.5.2-1.4 sssd-ldap-2.5.2-1.4 sssd-proxy-2.5.2-1.4 sssd-tools-2.5.2-1.4 sssd-winbind-idmap-2.5.2-1.4 libipa_hbac-devel-2.5.2-1.4 as a component of openSUSE Tumbleweed libipa_hbac0-2.5.2-1.4 as a component of openSUSE Tumbleweed libnfsidmap-sss-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_certmap-devel-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_certmap0-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_idmap-devel-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_idmap0-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_nss_idmap-devel-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_nss_idmap0-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_simpleifp-devel-2.5.2-1.4 as a component of openSUSE Tumbleweed libsss_simpleifp0-2.5.2-1.4 as a component of openSUSE Tumbleweed python3-ipa_hbac-2.5.2-1.4 as a component of openSUSE Tumbleweed python3-sss-murmur-2.5.2-1.4 as a component of openSUSE Tumbleweed python3-sss_nss_idmap-2.5.2-1.4 as a component of openSUSE Tumbleweed python3-sssd-config-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-32bit-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-ad-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-dbus-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-ipa-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-kcm-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-krb5-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-krb5-common-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-ldap-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-proxy-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-tools-2.5.2-1.4 as a component of openSUSE Tumbleweed sssd-winbind-idmap-2.5.2-1.4 as a component of openSUSE Tumbleweed It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. CVE-2017-12173 openSUSE Tumbleweed:libipa_hbac-devel-2.5.2-1.4 openSUSE Tumbleweed:libipa_hbac0-2.5.2-1.4 openSUSE Tumbleweed:libnfsidmap-sss-2.5.2-1.4 openSUSE Tumbleweed:libsss_certmap-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_certmap0-2.5.2-1.4 openSUSE Tumbleweed:libsss_idmap-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_idmap0-2.5.2-1.4 openSUSE Tumbleweed:libsss_nss_idmap-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_nss_idmap0-2.5.2-1.4 openSUSE Tumbleweed:libsss_simpleifp-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_simpleifp0-2.5.2-1.4 openSUSE Tumbleweed:python3-ipa_hbac-2.5.2-1.4 openSUSE Tumbleweed:python3-sss-murmur-2.5.2-1.4 openSUSE Tumbleweed:python3-sss_nss_idmap-2.5.2-1.4 openSUSE Tumbleweed:python3-sssd-config-2.5.2-1.4 openSUSE Tumbleweed:sssd-2.5.2-1.4 openSUSE Tumbleweed:sssd-32bit-2.5.2-1.4 openSUSE Tumbleweed:sssd-ad-2.5.2-1.4 openSUSE Tumbleweed:sssd-dbus-2.5.2-1.4 openSUSE Tumbleweed:sssd-ipa-2.5.2-1.4 openSUSE Tumbleweed:sssd-kcm-2.5.2-1.4 openSUSE Tumbleweed:sssd-krb5-2.5.2-1.4 openSUSE Tumbleweed:sssd-krb5-common-2.5.2-1.4 openSUSE Tumbleweed:sssd-ldap-2.5.2-1.4 openSUSE Tumbleweed:sssd-proxy-2.5.2-1.4 openSUSE Tumbleweed:sssd-tools-2.5.2-1.4 openSUSE Tumbleweed:sssd-winbind-idmap-2.5.2-1.4 moderate 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12173.html CVE-2017-12173 https://bugzilla.suse.com/1061832 SUSE Bug 1061832 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. CVE-2018-10852 openSUSE Tumbleweed:libipa_hbac-devel-2.5.2-1.4 openSUSE Tumbleweed:libipa_hbac0-2.5.2-1.4 openSUSE Tumbleweed:libnfsidmap-sss-2.5.2-1.4 openSUSE Tumbleweed:libsss_certmap-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_certmap0-2.5.2-1.4 openSUSE Tumbleweed:libsss_idmap-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_idmap0-2.5.2-1.4 openSUSE Tumbleweed:libsss_nss_idmap-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_nss_idmap0-2.5.2-1.4 openSUSE Tumbleweed:libsss_simpleifp-devel-2.5.2-1.4 openSUSE Tumbleweed:libsss_simpleifp0-2.5.2-1.4 openSUSE Tumbleweed:python3-ipa_hbac-2.5.2-1.4 openSUSE Tumbleweed:python3-sss-murmur-2.5.2-1.4 openSUSE Tumbleweed:python3-sss_nss_idmap-2.5.2-1.4 openSUSE Tumbleweed:python3-sssd-config-2.5.2-1.4 openSUSE Tumbleweed:sssd-2.5.2-1.4 openSUSE Tumbleweed:sssd-32bit-2.5.2-1.4 openSUSE Tumbleweed:sssd-ad-2.5.2-1.4 openSUSE Tumbleweed:sssd-dbus-2.5.2-1.4 openSUSE Tumbleweed:sssd-ipa-2.5.2-1.4 openSUSE Tumbleweed:sssd-kcm-2.5.2-1.4 openSUSE Tumbleweed:sssd-krb5-2.5.2-1.4 openSUSE Tumbleweed:sssd-krb5-common-2.5.2-1.4 openSUSE Tumbleweed:sssd-ldap-2.5.2-1.4 openSUSE Tumbleweed:sssd-proxy-2.5.2-1.4 openSUSE Tumbleweed:sssd-tools-2.5.2-1.4 openSUSE Tumbleweed:sssd-winbind-idmap-2.5.2-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10852.html CVE-2018-10852 https://bugzilla.suse.com/1098377 SUSE Bug 1098377