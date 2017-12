-----BEGIN PGP SIGNED MESSAGE-----

Red Hat Security Advisory



Synopsis: Moderate: sssd security and bug fix update

Advisory ID: RHSA-2017:3379-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2017:3379

Issue date: 2017-12-04

CVE Names: CVE-2017-12173

1. Summary:



An update for sssd is now available for Red Hat Enterprise Linux 7.



Red Hat Product Security has rated this update as having a security impact

of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

gives a detailed severity rating, is available for each vulnerability from

the CVE link(s) in the References section.



2. Relevant releases/architectures:



Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) -

aarch64, noarch, ppc64le

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v.

7) - aarch64, ppc64le



3. Description:



The System Security Services Daemon (SSSD) service provides a set of

daemons to manage access to remote directories and authentication

mechanisms. It also provides the Name Service Switch (NSS) and the

Pluggable Authentication Modules (PAM) interfaces toward the system, and a

pluggable back-end system to connect to multiple different account sources.



Security Fix(es):



* It was found that sssd's sysdb_search_user_by_upn_res() function did not

sanitize requests when querying its local cache and was vulnerable to

injection. In a centralized login environment, if a password hash was

locally cached for a given user, an authenticated attacker could use this

flaw to retrieve it. (CVE-2017-12173)



This issue was discovered by Sumit Bose (Red Hat).



Bug Fix(es):



* Previously, SSSD's krb5 provider did not respect changed UIDs in ID views

overriding the default view. Consequently, Kerberos credential caches were

created with the incorrect, original UID, and processes of the user were

not able to find the changed UID. With this update, SSSD's krb5 provider is

made aware of the proper ID view name and respects the ID override data. As

a result, the Kerberos credential cache is now created with the expected

UID, and the processes can find it. (BZ#1508972)



* Previously, the list of cache request domains was sometimes freed in the

middle of a cache request operation due to the refresh domains request, as

they both were using the same list. As a consequence, a segmentation fault

sometimes occurred in SSSD. With this update, SSSD uses a copy of the cache

request domains' list for each cache request. As a result, SSSD no longer

crashes in this case. (BZ#1509177)



* Previously, the calls provided by SSSD to send data to the Privilege

Attribute Certificate (PAC) responder did not use a mutex or any other

means to serialize access to the PAC responder from a single process. When

multithreaded applications overran the PAC responder with multiple parallel

requests, some threads did not receive a proper reply. Consequently, such

threads only resumed work after waiting 5 minutes for a response. This

update configures mutex to serialize access to the PAC responder socket for

multithreaded applications. As a result, all threads now get a proper and

timely reply. (BZ#1506682)



4. Solution:



For details on how to apply this update, which includes the changes

described in this advisory, refer to:



https://access.redhat.com/articles/11258



5. Bugs fixed (https://bugzilla.redhat.com/):



1498173 - CVE-2017-12173 sssd: unsanitized input when searching in local cache

database

1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30)

[rhel-7.4.z]

1506682 - sssd_client: add mutex protected call to the PAC responder

[rhel-7.4.z]

1509177 - Race condition between refreshing the cr_domain list and a request

that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]



6. Package List:



Red Hat Enterprise Linux Client (v. 7):



Source:

sssd-1.15.2-50.el7_4.8.src.rpm



noarch:

python-sssdconfig-1.15.2-50.el7_4.8.noarch.rpm



x86_64:

libipa_hbac-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

libsss_autofs-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.x86_64.rpm

libsss_sudo-1.15.2-50.el7_4.8.x86_64.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-murmur-1.15.2-50.el7_4.8.x86_64.rpm

sssd-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ad-1.15.2-50.el7_4.8.x86_64.rpm

sssd-client-1.15.2-50.el7_4.8.i686.rpm

sssd-client-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-pac-1.15.2-50.el7_4.8.x86_64.rpm

sssd-dbus-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ipa-1.15.2-50.el7_4.8.x86_64.rpm

sssd-kcm-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ldap-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.x86_64.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.x86_64.rpm

sssd-proxy-1.15.2-50.el7_4.8.x86_64.rpm

sssd-tools-1.15.2-50.el7_4.8.x86_64.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.x86_64.rpm



Red Hat Enterprise Linux Client Optional (v. 7):



x86_64:

libipa_hbac-devel-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.x86_64.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.i686.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.x86_64.rpm



Red Hat Enterprise Linux ComputeNode (v. 7):



Source:

sssd-1.15.2-50.el7_4.8.src.rpm



noarch:

python-sssdconfig-1.15.2-50.el7_4.8.noarch.rpm



x86_64:

libipa_hbac-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

libsss_autofs-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.x86_64.rpm

libsss_sudo-1.15.2-50.el7_4.8.x86_64.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-murmur-1.15.2-50.el7_4.8.x86_64.rpm

sssd-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ad-1.15.2-50.el7_4.8.x86_64.rpm

sssd-client-1.15.2-50.el7_4.8.i686.rpm

sssd-client-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-pac-1.15.2-50.el7_4.8.x86_64.rpm

sssd-dbus-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ipa-1.15.2-50.el7_4.8.x86_64.rpm

sssd-kcm-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ldap-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.x86_64.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.x86_64.rpm

sssd-proxy-1.15.2-50.el7_4.8.x86_64.rpm

sssd-tools-1.15.2-50.el7_4.8.x86_64.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.x86_64.rpm



Red Hat Enterprise Linux ComputeNode Optional (v. 7):



x86_64:

libipa_hbac-devel-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.x86_64.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.i686.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.x86_64.rpm



Red Hat Enterprise Linux Server (v. 7):



Source:

sssd-1.15.2-50.el7_4.8.src.rpm



noarch:

python-sssdconfig-1.15.2-50.el7_4.8.noarch.rpm



ppc64:

libipa_hbac-1.15.2-50.el7_4.8.ppc.rpm

libipa_hbac-1.15.2-50.el7_4.8.ppc64.rpm

libsss_autofs-1.15.2-50.el7_4.8.ppc64.rpm

libsss_certmap-1.15.2-50.el7_4.8.ppc.rpm

libsss_certmap-1.15.2-50.el7_4.8.ppc64.rpm

libsss_idmap-1.15.2-50.el7_4.8.ppc.rpm

libsss_idmap-1.15.2-50.el7_4.8.ppc64.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.ppc.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.ppc64.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.ppc.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.ppc64.rpm

libsss_sudo-1.15.2-50.el7_4.8.ppc64.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.ppc64.rpm

python-sss-1.15.2-50.el7_4.8.ppc64.rpm

python-sss-murmur-1.15.2-50.el7_4.8.ppc64.rpm

sssd-1.15.2-50.el7_4.8.ppc64.rpm

sssd-ad-1.15.2-50.el7_4.8.ppc64.rpm

sssd-client-1.15.2-50.el7_4.8.ppc.rpm

sssd-client-1.15.2-50.el7_4.8.ppc64.rpm

sssd-common-1.15.2-50.el7_4.8.ppc64.rpm

sssd-common-pac-1.15.2-50.el7_4.8.ppc64.rpm

sssd-dbus-1.15.2-50.el7_4.8.ppc64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc64.rpm

sssd-ipa-1.15.2-50.el7_4.8.ppc64.rpm

sssd-kcm-1.15.2-50.el7_4.8.ppc64.rpm

sssd-krb5-1.15.2-50.el7_4.8.ppc64.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.ppc64.rpm

sssd-ldap-1.15.2-50.el7_4.8.ppc64.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.ppc64.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.ppc64.rpm

sssd-proxy-1.15.2-50.el7_4.8.ppc64.rpm

sssd-tools-1.15.2-50.el7_4.8.ppc64.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.ppc64.rpm



ppc64le:

libipa_hbac-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_autofs-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_certmap-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_idmap-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_sudo-1.15.2-50.el7_4.8.ppc64le.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.ppc64le.rpm

python-sss-1.15.2-50.el7_4.8.ppc64le.rpm

python-sss-murmur-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-ad-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-client-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-common-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-common-pac-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-dbus-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-ipa-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-kcm-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-krb5-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-ldap-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-proxy-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-tools-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.ppc64le.rpm



s390x:

libipa_hbac-1.15.2-50.el7_4.8.s390.rpm

libipa_hbac-1.15.2-50.el7_4.8.s390x.rpm

libsss_autofs-1.15.2-50.el7_4.8.s390x.rpm

libsss_certmap-1.15.2-50.el7_4.8.s390.rpm

libsss_certmap-1.15.2-50.el7_4.8.s390x.rpm

libsss_idmap-1.15.2-50.el7_4.8.s390.rpm

libsss_idmap-1.15.2-50.el7_4.8.s390x.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.s390.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.s390x.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.s390.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.s390x.rpm

libsss_sudo-1.15.2-50.el7_4.8.s390x.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.s390x.rpm

python-sss-1.15.2-50.el7_4.8.s390x.rpm

python-sss-murmur-1.15.2-50.el7_4.8.s390x.rpm

sssd-1.15.2-50.el7_4.8.s390x.rpm

sssd-ad-1.15.2-50.el7_4.8.s390x.rpm

sssd-client-1.15.2-50.el7_4.8.s390.rpm

sssd-client-1.15.2-50.el7_4.8.s390x.rpm

sssd-common-1.15.2-50.el7_4.8.s390x.rpm

sssd-common-pac-1.15.2-50.el7_4.8.s390x.rpm

sssd-dbus-1.15.2-50.el7_4.8.s390x.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.s390.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.s390x.rpm

sssd-ipa-1.15.2-50.el7_4.8.s390x.rpm

sssd-kcm-1.15.2-50.el7_4.8.s390x.rpm

sssd-krb5-1.15.2-50.el7_4.8.s390x.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.s390x.rpm

sssd-ldap-1.15.2-50.el7_4.8.s390x.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.s390x.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.s390x.rpm

sssd-proxy-1.15.2-50.el7_4.8.s390x.rpm

sssd-tools-1.15.2-50.el7_4.8.s390x.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.s390x.rpm



x86_64:

libipa_hbac-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

libsss_autofs-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.x86_64.rpm

libsss_sudo-1.15.2-50.el7_4.8.x86_64.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-murmur-1.15.2-50.el7_4.8.x86_64.rpm

sssd-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ad-1.15.2-50.el7_4.8.x86_64.rpm

sssd-client-1.15.2-50.el7_4.8.i686.rpm

sssd-client-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-pac-1.15.2-50.el7_4.8.x86_64.rpm

sssd-dbus-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ipa-1.15.2-50.el7_4.8.x86_64.rpm

sssd-kcm-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ldap-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.x86_64.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.x86_64.rpm

sssd-proxy-1.15.2-50.el7_4.8.x86_64.rpm

sssd-tools-1.15.2-50.el7_4.8.x86_64.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.x86_64.rpm



Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):



Source:

sssd-1.15.2-50.el7_4.8.src.rpm



aarch64:

libipa_hbac-1.15.2-50.el7_4.8.aarch64.rpm

libsss_autofs-1.15.2-50.el7_4.8.aarch64.rpm

libsss_certmap-1.15.2-50.el7_4.8.aarch64.rpm

libsss_idmap-1.15.2-50.el7_4.8.aarch64.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.aarch64.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.aarch64.rpm

libsss_sudo-1.15.2-50.el7_4.8.aarch64.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.aarch64.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.aarch64.rpm

python-sss-1.15.2-50.el7_4.8.aarch64.rpm

python-sss-murmur-1.15.2-50.el7_4.8.aarch64.rpm

sssd-1.15.2-50.el7_4.8.aarch64.rpm

sssd-ad-1.15.2-50.el7_4.8.aarch64.rpm

sssd-client-1.15.2-50.el7_4.8.aarch64.rpm

sssd-common-1.15.2-50.el7_4.8.aarch64.rpm

sssd-common-pac-1.15.2-50.el7_4.8.aarch64.rpm

sssd-dbus-1.15.2-50.el7_4.8.aarch64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.aarch64.rpm

sssd-ipa-1.15.2-50.el7_4.8.aarch64.rpm

sssd-kcm-1.15.2-50.el7_4.8.aarch64.rpm

sssd-krb5-1.15.2-50.el7_4.8.aarch64.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.aarch64.rpm

sssd-ldap-1.15.2-50.el7_4.8.aarch64.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.aarch64.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.aarch64.rpm

sssd-proxy-1.15.2-50.el7_4.8.aarch64.rpm

sssd-tools-1.15.2-50.el7_4.8.aarch64.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.aarch64.rpm



noarch:

python-sssdconfig-1.15.2-50.el7_4.8.noarch.rpm



ppc64le:

libipa_hbac-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_autofs-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_certmap-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_idmap-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_sudo-1.15.2-50.el7_4.8.ppc64le.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.ppc64le.rpm

python-sss-1.15.2-50.el7_4.8.ppc64le.rpm

python-sss-murmur-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-ad-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-client-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-common-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-common-pac-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-dbus-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-ipa-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-kcm-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-krb5-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-ldap-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-proxy-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-tools-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.ppc64le.rpm



Red Hat Enterprise Linux Server Optional (v. 7):



ppc64:

libipa_hbac-devel-1.15.2-50.el7_4.8.ppc.rpm

libipa_hbac-devel-1.15.2-50.el7_4.8.ppc64.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.ppc.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.ppc64.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.ppc.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.ppc64.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.ppc.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.ppc64.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.ppc.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.ppc64.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.ppc64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc64.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.ppc.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.ppc64.rpm



ppc64le:

libipa_hbac-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.ppc64le.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.ppc64le.rpm



s390x:

libipa_hbac-devel-1.15.2-50.el7_4.8.s390.rpm

libipa_hbac-devel-1.15.2-50.el7_4.8.s390x.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.s390.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.s390x.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.s390.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.s390x.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.s390.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.s390x.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.s390.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.s390x.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.s390x.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.s390.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.s390x.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.s390.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.s390x.rpm



x86_64:

libipa_hbac-devel-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.i686.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.x86_64.rpm



Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v.

7):



aarch64:

libipa_hbac-devel-1.15.2-50.el7_4.8.aarch64.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.aarch64.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.aarch64.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.aarch64.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.aarch64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.aarch64.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.aarch64.rpm



ppc64le:

libipa_hbac-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.ppc64le.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.ppc64le.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.ppc64le.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.ppc64le.rpm



Red Hat Enterprise Linux Workstation (v. 7):



Source:

sssd-1.15.2-50.el7_4.8.src.rpm



noarch:

python-sssdconfig-1.15.2-50.el7_4.8.noarch.rpm



x86_64:

libipa_hbac-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

libsss_autofs-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-1.15.2-50.el7_4.8.x86_64.rpm

libsss_sudo-1.15.2-50.el7_4.8.x86_64.rpm

python-libipa_hbac-1.15.2-50.el7_4.8.x86_64.rpm

python-libsss_nss_idmap-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-1.15.2-50.el7_4.8.x86_64.rpm

python-sss-murmur-1.15.2-50.el7_4.8.x86_64.rpm

sssd-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ad-1.15.2-50.el7_4.8.x86_64.rpm

sssd-client-1.15.2-50.el7_4.8.i686.rpm

sssd-client-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-common-pac-1.15.2-50.el7_4.8.x86_64.rpm

sssd-dbus-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ipa-1.15.2-50.el7_4.8.x86_64.rpm

sssd-kcm-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-1.15.2-50.el7_4.8.x86_64.rpm

sssd-krb5-common-1.15.2-50.el7_4.8.x86_64.rpm

sssd-ldap-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-1.15.2-50.el7_4.8.x86_64.rpm

sssd-polkit-rules-1.15.2-50.el7_4.8.x86_64.rpm

sssd-proxy-1.15.2-50.el7_4.8.x86_64.rpm

sssd-tools-1.15.2-50.el7_4.8.x86_64.rpm

sssd-winbind-idmap-1.15.2-50.el7_4.8.x86_64.rpm



Red Hat Enterprise Linux Workstation Optional (v. 7):



x86_64:

libipa_hbac-devel-1.15.2-50.el7_4.8.i686.rpm

libipa_hbac-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_certmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_nss_idmap-devel-1.15.2-50.el7_4.8.x86_64.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.i686.rpm

libsss_simpleifp-devel-1.15.2-50.el7_4.8.x86_64.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.i686.rpm

sssd-debuginfo-1.15.2-50.el7_4.8.x86_64.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.i686.rpm

sssd-libwbclient-devel-1.15.2-50.el7_4.8.x86_64.rpm



These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://access.redhat.com/security/team/key/



7. References:



https://access.redhat.com/security/cve/CVE-2017-12173

https://access.redhat.com/security/updates/classification/#moderate



8. Contact:



The Red Hat security contact is <secalert@redhat.com>. More contact

details at https://access.redhat.com/security/team/contact/



Copyright 2017 Red Hat, Inc.

