Bug 1101751 (CVE-2014-0249)
| Summary: | CVE-2014-0249 sssd: incorrect expansion of group membership when encountering a non-POSIX group | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | abokovoy, fweimer, grajaiya, jgalipea, jhrozek, jkurik, lslebodn, mkosek, osoukup, pbrezina, redhat, sbose, sgallagh, ssorce |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | sssd 1.11.7 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-01-10 15:01:34 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 995389, 1101756, 1103487, 1103488 | | |
| Bug Blocks: | 1101758 | | |

Description
Vincent Danen
2014-05-27 20:21:59 UTC
Created sssd tracking bugs for this issue:

Affects: fedora-all [bug 1101756]

Statement:

This issue affects the version of sssd package as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having Low security impact; a future update may address this flaw.

Upstream bug:
https://fedorahosted.org/sssd/ticket/2343

Fixed upstream in version 1.11.7:
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.7

Upstream commits:
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=0b6b4b7669b46d3d0b0ebefbc0e1621965444717
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=4da27d52078497c5c095f4a4cd9975fe5c83c330
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=191d7f7ce3de10d9e19eaa0a6ab3319bcd4ca95d

This issue was already fixed in sssd updates in Red Hat Enterprise Linux 6 (in 6.6, via RHBA-2014:1375) and Red Hat Enterprise Linux 7 (in 7.1, via RHBA-2015:0441).

https://rhn.redhat.com/errata/RHBA-2014-1375.html
https://rhn.redhat.com/errata/RHBA-2015-0441.html