Amazon Linux 1 Security Advisory: ALAS-2016-636
Advisory Release Date: 2016-01-18 11:00 Pacific
Advisory Updated Date: 2016-01-18 11:00 Pacific
A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response.
Affected Packages:
realmd
Issue Correction:
Run yum update realmd to update your system.
i686:
realmd-debuginfo-0.16.1-5.5.amzn1.i686
realmd-0.16.1-5.5.amzn1.i686
noarch:
realmd-devel-docs-0.16.1-5.5.amzn1.noarch
src:
realmd-0.16.1-5.5.amzn1.src
x86_64:
realmd-debuginfo-0.16.1-5.5.amzn1.x86_64
realmd-0.16.1-5.5.amzn1.x86_64