sssd 1.16.1-1ubuntu1.8 source package in Ubuntu

Changelog

sssd (1.16.1-1ubuntu1.8) bionic-security; urgency=medium

  * SECURITY UPDATE: sudo rules read issue
    - debian/patches/CVE-2018-10852.patch: create the socket with stricter
      permissions in src/responder/sudo/sudosrv.c,
      src/sysv/systemd/sssd-sudo.socket.in.
    - CVE-2018-10852
  * SECURITY UPDATE: permissions issue in GPO implementation
    - debian/patches/CVE-2018-16838.patch: add option
      ad_gpo_ignore_unreadable in src/config/cfg_rules.ini,
      src/man/sssd-ad.5.xml, src/providers/ad/ad_common.h,
      src/providers/ad/ad_gpo.c, src/providers/ad/ad_opts.c.
    - CVE-2018-16838
  * SECURITY UPDATE: sssd returns / for emtpy home directories
    - debian/patches/CVE-2019-3811.patch: return empty string in
      src/confdb/confdb.c, src/man/include/ad_modified_defaults.xml,
      src/responder/nss/nss_protocol_pwent.c,
      src/tests/intg/test_files_provider.py.
    - CVE-2019-3811
  * SECURITY UPDATE: shell command injection in sssctl comment
    - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
      avoid execution of user supplied command in
      src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
      src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
    - CVE-2021-3621

 -- Marc Deslauriers <email address hidden>  Wed, 18 Aug 2021 08:31:06 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates main utils
Bionic security main utils

Downloads

File Size SHA-256 Checksum
sssd_1.16.1.orig.tar.gz 5.7 MiB 2dbf677851afdefcdf57eccaf25d59eb682a2994ad2a2dbf419003930a0b506e
sssd_1.16.1-1ubuntu1.8.diff.gz 116.6 KiB 1d2a556427f457ad1f3cbff254df002431658faca71a540892b7889a30b417b0
sssd_1.16.1-1ubuntu1.8.dsc 4.8 KiB ed1a3cdd2d5fb04d2f5547db4740b6434e950851bfd9685c2041e0f61417a9c0

View changes file

Binary packages built by this source

libipa-hbac-dev: FreeIPA HBAC Evaluator library -- development files

 Utility library to validate FreeIPA HBAC rules for authorization requests.
 .
 This package contains header files and symlinks to develop programs which will
 use the libipa-hbac library.

libipa-hbac0: FreeIPA HBAC Evaluator library

 Utility library to validate FreeIPA HBAC rules for authorization requests.

libipa-hbac0-dbgsym: debug symbols for libipa-hbac0
libnss-sss: Nss library for the System Security Services Daemon

 Provides a set of daemons to manage access to remote directories and
 authentication mechanisms. It provides an NSS and PAM interface toward
 the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 .
 This package provide the nss library to connect to the sssd daemon.

libnss-sss-dbgsym: debug symbols for libnss-sss
libpam-sss: Pam module for the System Security Services Daemon

 Provides a set of daemons to manage access to remote directories and
 authentication mechanisms. It provides an NSS and PAM interface toward
 the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 .
 This package provide the pam module to connect to the sssd daemon.

libpam-sss-dbgsym: debug symbols for libpam-sss
libsss-certmap-dev: Certificate mapping library for SSSD -- development files

 Utility library to map certificates to users based on rules.
 .
 This package contains header files and symlinks to develop programs which will
 use the libsss-certmap library.

libsss-certmap0: Certificate mapping library for SSSD

 Library to map certificates to users based on rules.

libsss-certmap0-dbgsym: debug symbols for libsss-certmap0
libsss-idmap-dev: ID mapping library for SSSD -- development files

 Utility library to convert SIDs to Unix uids and gids.
 .
 This package contains header files and symlinks to develop programs which will
 use the libsss-idmap library.

libsss-idmap0: ID mapping library for SSSD

 Utility library to convert SIDs to Unix uids and gids.

libsss-idmap0-dbgsym: debug symbols for libsss-idmap0
libsss-nss-idmap-dev: SID based lookups library for SSSD -- development files

 Utility library for SID based lookups.
 .
 This package contains header files and symlinks to develop programs which will
 use the libsss-nss-idmap library.

libsss-nss-idmap0: SID based lookups library for SSSD

 Utility library for SID based lookups.

libsss-nss-idmap0-dbgsym: debug symbols for libsss-nss-idmap0
libsss-simpleifp-dev: SSSD D-Bus responder helper library -- development files

 Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
 .
 This package contains header files and symlinks to develop programs which will
 use the libsss-simpleifp0 library.

libsss-simpleifp0: SSSD D-Bus responder helper library

 Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.

libsss-simpleifp0-dbgsym: debug symbols for libsss-simpleifp0
libsss-sudo: Communicator library for sudo

 Utility library to allow communication between sudo and SSSD for caching
 sudo rules by SSSD.

libsss-sudo-dbgsym: debug symbols for libsss-sudo
libwbclient-sssd: SSSD libwbclient implementation

 The SSSD libwbclient implementation.

libwbclient-sssd-dbgsym: debug symbols for libwbclient-sssd
libwbclient-sssd-dev: SSSD libwbclient implementation -- development files

 The SSSD libwbclient implementation.
 .
 This package contains header files and symlinks to develop programs which will
 use the libwbclient-sssd library.

python-libipa-hbac: Python bindings for the FreeIPA HBAC Evaluator library

 The libipa_hbac-python contains the bindings so that libipa_hbac can be
 used by Python applications.
 .
 This package installs the library for Python 2.

python-libipa-hbac-dbgsym: debug symbols for python-libipa-hbac
python-libsss-nss-idmap: Python bindings for the SID lookups library

 This package contains the bindings for libnss_sss_idmap to be used by
 Python applications.
 .
 This package installs the library for Python 2.

python-libsss-nss-idmap-dbgsym: debug symbols for python-libsss-nss-idmap
python-sss: Python module for the System Security Services Daemon

 Provides a set of daemons to manage access to remote directories and
 authentication mechanisms. It provides an NSS and PAM interface toward
 the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 .
 This package provide a module to access the configuration of the sssd daemon.
 .
 This package installs the library for Python 2.

python-sss-dbgsym: debug symbols for python-sss
python3-libipa-hbac: Python3 bindings for the FreeIPA HBAC Evaluator library

 The libipa_hbac-python contains the bindings so that libipa_hbac can be
 used by Python applications.
 .
 This package installs the library for Python 3.

python3-libipa-hbac-dbgsym: debug symbols for python3-libipa-hbac
python3-libsss-nss-idmap: Python3 bindings for the SID lookups library

 This package contains the bindings for libnss_sss_idmap to be used by
 Python applications.
 .
 This package installs the library for Python 3.

python3-libsss-nss-idmap-dbgsym: debug symbols for python3-libsss-nss-idmap
python3-sss: Python3 module for the System Security Services Daemon

 Provides a set of daemons to manage access to remote directories and
 authentication mechanisms. It provides an NSS and PAM interface toward
 the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 .
 This package provide a module to access the configuration of the sssd daemon.
 .
 This package installs the library for Python 3.

python3-sss-dbgsym: debug symbols for python3-sss
sssd: System Security Services Daemon -- metapackage

 Provides a set of daemons to manage access to remote directories and
 authentication mechanisms. It provides an NSS and PAM interface toward
 the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 .
 This package is a metapackage which installs the daemon and existing
 authentication back ends.

sssd-ad: System Security Services Daemon -- Active Directory back end

 Provides the Active Directory back end that the SSSD can utilize to fetch
 identity data from and authenticate against an Active Directory server.

sssd-ad-common: System Security Services Daemon -- PAC responder

 Provides the PAC responder that the AD and IPA backends can use for
 fetching additional attributes from the kerberos ticket.

sssd-ad-common-dbgsym: debug symbols for sssd-ad-common
sssd-ad-dbgsym: debug symbols for sssd-ad
sssd-common: System Security Services Daemon -- common files

 Provides a set of daemons to manage access to remote directories and
 authentication mechanisms. It provides an NSS and PAM interface toward
 the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 .
 This package provides the daemon and other common files needed by the
 authentication back ends.

sssd-common-dbgsym: debug symbols for sssd-common
sssd-dbus: System Security Services Daemon -- D-Bus responder

 Provides the D-Bus responder called InfoPipe, that allows the information
 from the SSSD to be transmitted over the system bus.

sssd-dbus-dbgsym: debug symbols for sssd-dbus
sssd-ipa: System Security Services Daemon -- IPA back end

 Provides the IPA back end that the SSSD can utilize to fetch identity data
 from and authenticate against an IPA server.

sssd-ipa-dbgsym: debug symbols for sssd-ipa
sssd-kcm: System Security Services Daemon -- Kerberos KCM server implementation

 Provides an implementation of a Kerberos KCM server. Use this package if
 you want to use the KCM: Kerberos credentials cache.

sssd-kcm-dbgsym: debug symbols for sssd-kcm
sssd-krb5: System Security Services Daemon -- Kerberos back end

 Provides the Kerberos back end that the SSSD can utilize authenticate
 against a Kerberos server.

sssd-krb5-common: System Security Services Daemon -- Kerberos helpers

 Provides helper processes that the LDAP and Kerberos back ends can use for
 Kerberos user or host authentication.

sssd-krb5-common-dbgsym: debug symbols for sssd-krb5-common
sssd-krb5-dbgsym: debug symbols for sssd-krb5
sssd-ldap: System Security Services Daemon -- LDAP back end

 Provides the LDAP back end that the SSSD can utilize to fetch identity data
 from and authenticate against an LDAP server.

sssd-ldap-dbgsym: debug symbols for sssd-ldap
sssd-proxy: System Security Services Daemon -- proxy back end

 Provides the proxy back end which can be used to wrap an existing NSS and/or
 PAM modules to leverage SSSD caching.

sssd-proxy-dbgsym: debug symbols for sssd-proxy
sssd-tools: System Security Services Daemon -- tools

 Provides a set of daemons to manage access to remote directories and
 authentication mechanisms. It provides an NSS and PAM interface toward
 the system and a pluggable backend system to connect to multiple different
 account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 .
 This package provides tools to manage users, groups and nested groups when
 using the local id provider.

sssd-tools-dbgsym: debug symbols for sssd-tools