ALAS-2016-635


Amazon Linux AMI Security Advisory: ALAS-2016-635
Advisory Release Date: 2016-01-18 11:00 Pacific
Severity: Low
References: CVE-2015-5292 

Issue Overview:

It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in.


Affected Packages:

sssd


Issue Correction:
Run yum update sssd to update your system.

New Packages:
i686:
    sssd-libwbclient-1.13.0-40.6.amzn1.i686
    libipa_hbac-devel-1.13.0-40.6.amzn1.i686
    libsss_simpleifp-1.13.0-40.6.amzn1.i686
    sssd-1.13.0-40.6.amzn1.i686
    sssd-common-pac-1.13.0-40.6.amzn1.i686
    sssd-ldap-1.13.0-40.6.amzn1.i686
    sssd-dbus-1.13.0-40.6.amzn1.i686
    sssd-ad-1.13.0-40.6.amzn1.i686
    sssd-proxy-1.13.0-40.6.amzn1.i686
    python27-sss-1.13.0-40.6.amzn1.i686
    python27-libsss_nss_idmap-1.13.0-40.6.amzn1.i686
    libsss_idmap-1.13.0-40.6.amzn1.i686
    sssd-ipa-1.13.0-40.6.amzn1.i686
    sssd-tools-1.13.0-40.6.amzn1.i686
    python27-libipa_hbac-1.13.0-40.6.amzn1.i686
    sssd-krb5-common-1.13.0-40.6.amzn1.i686
    sssd-common-1.13.0-40.6.amzn1.i686
    libsss_simpleifp-devel-1.13.0-40.6.amzn1.i686
    sssd-debuginfo-1.13.0-40.6.amzn1.i686
    sssd-krb5-1.13.0-40.6.amzn1.i686
    libsss_nss_idmap-1.13.0-40.6.amzn1.i686
    libsss_nss_idmap-devel-1.13.0-40.6.amzn1.i686
    libsss_idmap-devel-1.13.0-40.6.amzn1.i686
    libipa_hbac-1.13.0-40.6.amzn1.i686
    python27-sss-murmur-1.13.0-40.6.amzn1.i686
    sssd-libwbclient-devel-1.13.0-40.6.amzn1.i686
    sssd-client-1.13.0-40.6.amzn1.i686

noarch:
    python27-sssdconfig-1.13.0-40.6.amzn1.noarch

src:
    sssd-1.13.0-40.6.amzn1.src

x86_64:
    libsss_nss_idmap-devel-1.13.0-40.6.amzn1.x86_64
    sssd-debuginfo-1.13.0-40.6.amzn1.x86_64
    sssd-krb5-common-1.13.0-40.6.amzn1.x86_64
    libsss_idmap-1.13.0-40.6.amzn1.x86_64
    libsss_simpleifp-devel-1.13.0-40.6.amzn1.x86_64
    sssd-ipa-1.13.0-40.6.amzn1.x86_64
    sssd-client-1.13.0-40.6.amzn1.x86_64
    sssd-libwbclient-1.13.0-40.6.amzn1.x86_64
    libipa_hbac-1.13.0-40.6.amzn1.x86_64
    libsss_simpleifp-1.13.0-40.6.amzn1.x86_64
    python27-libsss_nss_idmap-1.13.0-40.6.amzn1.x86_64
    sssd-ldap-1.13.0-40.6.amzn1.x86_64
    sssd-common-1.13.0-40.6.amzn1.x86_64
    sssd-tools-1.13.0-40.6.amzn1.x86_64
    sssd-ad-1.13.0-40.6.amzn1.x86_64
    sssd-libwbclient-devel-1.13.0-40.6.amzn1.x86_64
    libsss_idmap-devel-1.13.0-40.6.amzn1.x86_64
    python27-sss-1.13.0-40.6.amzn1.x86_64
    sssd-dbus-1.13.0-40.6.amzn1.x86_64
    sssd-common-pac-1.13.0-40.6.amzn1.x86_64
    sssd-proxy-1.13.0-40.6.amzn1.x86_64
    libipa_hbac-devel-1.13.0-40.6.amzn1.x86_64
    python27-sss-murmur-1.13.0-40.6.amzn1.x86_64
    sssd-1.13.0-40.6.amzn1.x86_64
    sssd-krb5-1.13.0-40.6.amzn1.x86_64
    libsss_nss_idmap-1.13.0-40.6.amzn1.x86_64
    python27-libipa_hbac-1.13.0-40.6.amzn1.x86_64