ALAS-2016-636

Amazon Linux 1 Security Advisory: ALAS-2016-636
Advisory Release Date: 2016-01-18 11:00 Pacific
Advisory Updated Date: 2016-01-18 11:00 Pacific

Severity: Medium

References: CVE-2015-2704
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response.

Affected Packages:

realmd

Issue Correction:
Run yum update realmd to update your system.

New Packages:

i686:
    realmd-debuginfo-0.16.1-5.5.amzn1.i686
    realmd-0.16.1-5.5.amzn1.i686

noarch:
    realmd-devel-docs-0.16.1-5.5.amzn1.noarch

src:
    realmd-0.16.1-5.5.amzn1.src

x86_64:
    realmd-debuginfo-0.16.1-5.5.amzn1.x86_64
    realmd-0.16.1-5.5.amzn1.x86_64

Additional References

Red Hat: CVE-2015-2704

Mitre: CVE-2015-2704