[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1429-1] sssd security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : sssd
Version        : 1.11.7-3+deb8u1
CVE ID         : CVE-2018-10852
Debian Bug     : 902860


The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules
from SSSD has too wide permissions, which means that anyone who can send a
message using the same raw protocol that sudo and SSSD use can read the sudo
rules available for any user.

For Debian 8 "Jessie", these problems have been fixed in version
1.11.7-3+deb8u1.

We recommend that you upgrade your sssd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAltMS18ACgkQKpJZkldk
Svp6dQ/9FNSC/qoASnxmkFVDZQFCDfp1XPWR85b3o/MPLuw8K6VLXxwvfeJSvqyt
xgkMgTz0iTipPPaVMt2OsTG+GCr1g+Ao+54a8gEzv3ItkgKUnpPUHfSwY+NDDJ3p
8hj2HJfIK2WLyrUWZaVDOC5WcHCcG/Qcunj8uwfV8fQi6faqSDZg+fUlW37p3LoC
MvO70m+IFcPCHt5AY24yVuMBhmblbqFMZCfK21HypjKwngn/n1f+ERbL1aTEU512
JvyNM+wpa7iyknaJWJrBYdfFAJwamQuAdYz3XC+HUFJFyOpvceCbBrUm3fTslKjn
9c5XJ5KEFHSwlzNi2tGpHSxzt6s5fAFFEPShcOc/6gM9xIKHidmU6PR2BGYWTLqq
lhILzdlReKoNoCBmNu+Jsrufws77MmT3RiLPb1Uimi84aCIB0PTNtC4If1o0/BBT
s8XFHt99u3K+9gAxwznfsIXNwmp9B6NxPx9cK1SsZom4FZDYbhpUzwtUWSKki/KN
q4q9CQUhk8vq4FoZzrpG0uPFWdUMYJQgxLM2WUb9F9ScoRZY6fZfB/qWf6cnGES1
h2Tblk+eHc3A1dlW3ChlxCOURB8ScDqq2Ig7446n5SyiYed9gNaFpJ6obw53ApH9
zukeC3O3DFoah6ZKvmawQKKhmYO7lrzgsRz80g/twe78NNL6vsM=
=L03z
-----END PGP SIGNATURE-----


Reply to: