Date: Mon, 21 Dec 2015 23:16:31 +0000
Synopsis: Moderate: realmd security, bug fix, and enhancement update
Advisory ID: SLSA-2015:2184-7
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-2704
--
A flaw was found in the way realmd parsed certain input when writing
configuration into the sssd.conf or smb.conf file. A remote attacker could
use this flaw to inject arbitrary configurations into these files via a
newline character in an LDAP response. (CVE-2015-2704)

It was found that the realm client would try to automatically join an
Active Directory domain without authentication, which could potentially
lead to privilege escalation within a specified domain.

The realmd packages have been upgraded to upstream version 0.16.1, which
provides a number of bug fixes and enhancements over the previous version.

This update also fixes the following bugs:
* Joining a Scientific Linux machine to a domain using the realm utility
creates /home/domainname/[username]/ directories for domain users.
Previously, SELinux labeled the domain users' directories incorrectly. As
a consequence, the domain users sometimes experienced problems with
SELinux policy. This update modifies the realmd service default behavior
so that the domain users' directories are compatible with the standard
SELinux policy.
* Previously, the realm utility was unable to join or discover domains
with domain names containing underscore (_). The realmd service has been
modified to process underscores in domain names correctly, which fixes the
described bug.

In addition, this update adds the following enhancement:
* The realmd utility now allows the user to disable automatic ID mapping
from the command line. To disable the mapping, pass the
"--automatic-id-mapping=no" option to the realmd utility.
--
SL7
x86_64
realmd-0.16.1-5.el7.x86_64.rpm
realmd-debuginfo-0.16.1-5.el7.x86_64.rpm
realmd-devel-docs-0.16.1-5.el7.x86_64.rpm
- Scientific Linux Development Team
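
The configuration-injection flaw described above (CVE-2015-2704), as an added example that is not realmd's code or its actual fix: a naive writer formats a directory-supplied value straight into a "key = value" line, while a checked writer refuses any key or value that contains control characters. The function names, the sample value and the injected_key name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a directory-supplied name with an embedded newline. */
static const char SAMPLE_VALUE[] = "EXAMPLE\ninjected_key = injected_value";

/* Count the "key = value" lines a config parser would see in buf. */
static int count_assignments(const char *buf) {
    int n = 0;
    while (*buf) {
        const char *end = strchr(buf, '\n');
        size_t len = end ? (size_t)(end - buf) : strlen(buf);
        if (len > 0 && buf[0] != '[' && memchr(buf, '=', len))
            n++;
        buf += len + (end ? 1 : 0);
    }
    return n;
}

/* Naive writer: formats the value as-is, so "\n" starts a new config line. */
static int write_naive(char *out, size_t cap, const char *key, const char *value) {
    int n = snprintf(out, cap, "%s = %s\n", key, value);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* True only if s has no control characters (newline, CR, tab, DEL, ...). */
static int is_single_line(const char *s) {
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Checked writer: rejects the input instead of writing a multi-line value. */
static int write_checked(char *out, size_t cap, const char *key, const char *value) {
    if (!is_single_line(key) || strchr(key, '=') || !is_single_line(value)) {
        if (cap) out[0] = '\0';
        return -1;
    }
    return write_naive(out, cap, key, value);
}

int main(void) {
    char buf[256];
    write_naive(buf, sizeof buf, "workgroup", SAMPLE_VALUE);
    printf("naive writer: %d assignments\n", count_assignments(buf));
    return write_checked(buf, sizeof buf, "workgroup", SAMPLE_VALUE) == -1 ? 0 : 1;
}
```

Rejecting the value outright, rather than stripping the newline, keeps a malformed directory response from being silently turned into a different setting.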