ALAS-2016-636


Amazon Linux AMI Security Advisory: ALAS-2016-636
Advisory Release Date: 2016-01-18 11:00 Pacific
Severity: Medium
References: CVE-2015-2704 

Issue Overview:

A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response.


Affected Packages:

realmd


Issue Correction:
Run yum update realmd to update your system.

New Packages:
i686:
    realmd-debuginfo-0.16.1-5.5.amzn1.i686
    realmd-0.16.1-5.5.amzn1.i686

noarch:
    realmd-devel-docs-0.16.1-5.5.amzn1.noarch

src:
    realmd-0.16.1-5.5.amzn1.src

x86_64:
    realmd-debuginfo-0.16.1-5.5.amzn1.x86_64
    realmd-0.16.1-5.5.amzn1.x86_64