NS-SA-2019-0241
2019-12-27 14:15:32
Summary
moderate: unixODBC/sssd security update
Severity
moderate
Topic
An update for unixODBC/sssd is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
unixODBC: Install unixODBC if you want to access databases through ODBC. You will also need the mysql-connector-odbc package if you want to access a MySQL database, and/or the postgresql-odbc package for PostgreSQL.
sssd: The python-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can be used by Python applications.
Security Fix(es):
unixODBC: An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC. This could only be exploited via a malicious ODBC database connector package with the maximum impact being a denial of service.(CVE-2018-7485)
unixODBC: A buffer overflow flaw was found in the unicode_to_ansi_copy() function of unixODBC. This overflow is not directly controllable by an attacker, making the maximum potential impact a crash or denial of service. (CVE-2018-7409)
unixODBC: bugfix
sssd: A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot().(CVE-2019-3811)
sssd: A flaw was found in the sssd Group Policy Objects (GPO) implementation. When the GPO is not readable by SSSD because of overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access. (CVE-2018-16838)
sssd: bugfix
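A check for the CVE-2019-3811 condition on a host that uses home directories as chroot() targets, as an added example that is not part of the original advisory: it reads passwd-format entries (for example the output of `getent passwd`) and reports accounts whose home directory resolves to `/` or is empty. The function name, the `min_uid` cut-off of 1000 and the sample entries are assumptions made for illustration.

```python
import posixpath
import sys

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:*:10001:10001:Alice:/home/alice:/bin/bash
svc-upload:*:10002:10002:SFTP drop account:/:/sbin/nologin
bob:*:10003:10003:Bob::/bin/bash
carol:*:10004:10004:Carol:/home/..:/bin/bash
broken-line-without-fields
"""

def audit_home_dirs(passwd_text, min_uid=1000):
    """Return (name, uid, reason) tuples for entries that need review.

    reason is "root-dir" when the home directory resolves to "/",
    "empty" when no home directory is set, "malformed" for bad lines.
    Accounts below min_uid (assumed system-account boundary) are skipped.
    """
    findings = []
    for lineno, raw in enumerate(passwd_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((f"line {lineno}", None, "malformed"))
            continue
        name, uid, home = fields[0], int(fields[2]), fields[5]
        if uid < min_uid:
            continue
        if home == "":
            findings.append((name, uid, "empty"))
        # normpath collapses "/.", "/home/.." and repeated slashes;
        # stripping "/" also covers "//", which normpath preserves.
        elif posixpath.normpath(home).strip("/") == "":
            findings.append((name, uid, "root-dir"))
    return findings

if __name__ == "__main__":
    # Usage: getent passwd | python3 audit_home.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for name, uid, reason in audit_home_dirs(text):
        print(f"{name}\t{uid}\t{reason}")
```

Accounts reported as `root-dir` are the ones a chroot-to-home service would leave unconfined; `empty` is the value the fixed sssd returns when no home directory is configured.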
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F7.
Affected Components
Affected Products
- CGSL MAIN 5.05
- CGSL CORE 5.05
Updated Packages
CGSL MAIN 5.05
- Source: unixODBC-2.3.1-14.el7.src.rpm
  - unixODBC-2.3.1-14.el7.x86_64.rpm
  - unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm
  - unixODBC-devel-2.3.1-14.el7.x86_64.rpm
- Source: sssd-1.16.4-21.el7.src.rpm
  - sssd-tools-1.16.4-21.el7.x86_64.rpm
  - sssd-winbind-idmap-1.16.4-21.el7.x86_64.rpm
  - libsss_autofs-1.16.4-21.el7.x86_64.rpm
  - libsss_certmap-1.16.4-21.el7.x86_64.rpm
  - python-libsss_nss_idmap-1.16.4-21.el7.x86_64.rpm
  - libsss_certmap-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_idmap-1.16.4-21.el7.x86_64.rpm
  - libsss_idmap-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_nss_idmap-1.16.4-21.el7.x86_64.rpm
  - libsss_nss_idmap-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_simpleifp-1.16.4-21.el7.x86_64.rpm
  - libsss_simpleifp-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_sudo-1.16.4-21.el7.x86_64.rpm
  - libipa_hbac-1.16.4-21.el7.x86_64.rpm
  - libipa_hbac-devel-1.16.4-21.el7.x86_64.rpm
  - python-sss-1.16.4-21.el7.x86_64.rpm
  - python-sss-murmur-1.16.4-21.el7.x86_64.rpm
  - python-sssdconfig-1.16.4-21.el7.noarch.rpm
  - sssd-1.16.4-21.el7.x86_64.rpm
  - sssd-ad-1.16.4-21.el7.x86_64.rpm
  - sssd-client-1.16.4-21.el7.x86_64.rpm
  - sssd-common-1.16.4-21.el7.x86_64.rpm
  - sssd-common-pac-1.16.4-21.el7.x86_64.rpm
  - sssd-dbus-1.16.4-21.el7.x86_64.rpm
  - sssd-debuginfo-1.16.4-21.el7.x86_64.rpm
  - python-libipa_hbac-1.16.4-21.el7.x86_64.rpm
  - sssd-ipa-1.16.4-21.el7.x86_64.rpm
  - sssd-kcm-1.16.4-21.el7.x86_64.rpm
  - sssd-krb5-1.16.4-21.el7.x86_64.rpm
  - sssd-krb5-common-1.16.4-21.el7.x86_64.rpm
  - sssd-ldap-1.16.4-21.el7.x86_64.rpm
  - sssd-libwbclient-1.16.4-21.el7.x86_64.rpm
  - sssd-libwbclient-devel-1.16.4-21.el7.x86_64.rpm
  - sssd-polkit-rules-1.16.4-21.el7.x86_64.rpm
  - sssd-proxy-1.16.4-21.el7.x86_64.rpm
CGSL CORE 5.05
- Source: unixODBC-2.3.1-14.el7.src.rpm
  - unixODBC-2.3.1-14.el7.x86_64.rpm
  - unixODBC-debuginfo-2.3.1-14.el7.x86_64.rpm
  - unixODBC-devel-2.3.1-14.el7.x86_64.rpm
- Source: sssd-1.16.4-21.el7.src.rpm
  - python-sss-1.16.4-21.el7.x86_64.rpm
  - python-sss-murmur-1.16.4-21.el7.x86_64.rpm
  - python-sssdconfig-1.16.4-21.el7.noarch.rpm
  - libsss_autofs-1.16.4-21.el7.x86_64.rpm
  - libsss_certmap-1.16.4-21.el7.x86_64.rpm
  - libsss_certmap-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_idmap-1.16.4-21.el7.x86_64.rpm
  - libsss_idmap-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_nss_idmap-1.16.4-21.el7.x86_64.rpm
  - libsss_nss_idmap-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_simpleifp-1.16.4-21.el7.x86_64.rpm
  - libsss_simpleifp-devel-1.16.4-21.el7.x86_64.rpm
  - libsss_sudo-1.16.4-21.el7.x86_64.rpm
  - libipa_hbac-1.16.4-21.el7.x86_64.rpm
  - python-libipa_hbac-1.16.4-21.el7.x86_64.rpm
  - libipa_hbac-devel-1.16.4-21.el7.x86_64.rpm
  - python-libsss_nss_idmap-1.16.4-21.el7.x86_64.rpm
  - sssd-1.16.4-21.el7.x86_64.rpm
  - sssd-ad-1.16.4-21.el7.x86_64.rpm
  - sssd-client-1.16.4-21.el7.x86_64.rpm
  - sssd-common-1.16.4-21.el7.x86_64.rpm
  - sssd-common-pac-1.16.4-21.el7.x86_64.rpm
  - sssd-dbus-1.16.4-21.el7.x86_64.rpm
  - sssd-debuginfo-1.16.4-21.el7.x86_64.rpm
  - sssd-ipa-1.16.4-21.el7.x86_64.rpm
  - sssd-kcm-1.16.4-21.el7.x86_64.rpm
  - sssd-krb5-1.16.4-21.el7.x86_64.rpm
  - sssd-krb5-common-1.16.4-21.el7.x86_64.rpm
  - sssd-ldap-1.16.4-21.el7.x86_64.rpm
  - sssd-libwbclient-1.16.4-21.el7.x86_64.rpm
  - sssd-libwbclient-devel-1.16.4-21.el7.x86_64.rpm
  - sssd-polkit-rules-1.16.4-21.el7.x86_64.rpm
  - sssd-proxy-1.16.4-21.el7.x86_64.rpm
  - sssd-tools-1.16.4-21.el7.x86_64.rpm
  - sssd-winbind-idmap-1.16.4-21.el7.x86_64.rpm
CVE
References