Amazon Linux 1 Security Advisory: ALAS-2018-1127
Advisory Release Date: 2019-01-22 18:00 Pacific
Advisory Updated Date: 2019-01-25 02:40 Pacific
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. (CVE-2018-10852)
Affected Packages:
sssd
Issue Correction:
Run yum update sssd to update your system.
i686:
python27-libipa_hbac-1.16.2-13.amzn1.i686
libsss_sudo-1.16.2-13.amzn1.i686
sssd-client-1.16.2-13.amzn1.i686
sssd-1.16.2-13.amzn1.i686
sssd-winbind-idmap-1.16.2-13.amzn1.i686
sssd-dbus-1.16.2-13.amzn1.i686
libipa_hbac-1.16.2-13.amzn1.i686
sssd-krb5-1.16.2-13.amzn1.i686
sssd-tools-1.16.2-13.amzn1.i686
sssd-common-1.16.2-13.amzn1.i686
sssd-proxy-1.16.2-13.amzn1.i686
libsss_idmap-devel-1.16.2-13.amzn1.i686
libsss_nss_idmap-1.16.2-13.amzn1.i686
python27-libsss_nss_idmap-1.16.2-13.amzn1.i686
sssd-krb5-common-1.16.2-13.amzn1.i686
python27-sss-murmur-1.16.2-13.amzn1.i686
libsss_autofs-1.16.2-13.amzn1.i686
libsss_certmap-devel-1.16.2-13.amzn1.i686
sssd-ipa-1.16.2-13.amzn1.i686
sssd-libwbclient-1.16.2-13.amzn1.i686
libsss_certmap-1.16.2-13.amzn1.i686
python27-sss-1.16.2-13.amzn1.i686
sssd-ad-1.16.2-13.amzn1.i686
sssd-libwbclient-devel-1.16.2-13.amzn1.i686
libsss_simpleifp-devel-1.16.2-13.amzn1.i686
libsss_simpleifp-1.16.2-13.amzn1.i686
libsss_nss_idmap-devel-1.16.2-13.amzn1.i686
libsss_idmap-1.16.2-13.amzn1.i686
libipa_hbac-devel-1.16.2-13.amzn1.i686
sssd-common-pac-1.16.2-13.amzn1.i686
sssd-ldap-1.16.2-13.amzn1.i686
sssd-debuginfo-1.16.2-13.amzn1.i686
noarch:
python27-sssdconfig-1.16.2-13.amzn1.noarch
src:
sssd-1.16.2-13.amzn1.src
x86_64:
sssd-1.16.2-13.amzn1.x86_64
libsss_certmap-1.16.2-13.amzn1.x86_64
sssd-proxy-1.16.2-13.amzn1.x86_64
sssd-ad-1.16.2-13.amzn1.x86_64
libsss_simpleifp-devel-1.16.2-13.amzn1.x86_64
sssd-libwbclient-1.16.2-13.amzn1.x86_64
python27-sss-1.16.2-13.amzn1.x86_64
python27-sss-murmur-1.16.2-13.amzn1.x86_64
libsss_simpleifp-1.16.2-13.amzn1.x86_64
sssd-client-1.16.2-13.amzn1.x86_64
libsss_autofs-1.16.2-13.amzn1.x86_64
sssd-krb5-common-1.16.2-13.amzn1.x86_64
sssd-ipa-1.16.2-13.amzn1.x86_64
sssd-debuginfo-1.16.2-13.amzn1.x86_64
sssd-libwbclient-devel-1.16.2-13.amzn1.x86_64
sssd-common-1.16.2-13.amzn1.x86_64
sssd-ldap-1.16.2-13.amzn1.x86_64
sssd-krb5-1.16.2-13.amzn1.x86_64
libsss_idmap-1.16.2-13.amzn1.x86_64
libsss_certmap-devel-1.16.2-13.amzn1.x86_64
sssd-common-pac-1.16.2-13.amzn1.x86_64
libsss_idmap-devel-1.16.2-13.amzn1.x86_64
python27-libipa_hbac-1.16.2-13.amzn1.x86_64
libipa_hbac-devel-1.16.2-13.amzn1.x86_64
libsss_sudo-1.16.2-13.amzn1.x86_64
sssd-dbus-1.16.2-13.amzn1.x86_64
python27-libsss_nss_idmap-1.16.2-13.amzn1.x86_64
libsss_nss_idmap-1.16.2-13.amzn1.x86_64
sssd-tools-1.16.2-13.amzn1.x86_64
libipa_hbac-1.16.2-13.amzn1.x86_64
libsss_nss_idmap-devel-1.16.2-13.amzn1.x86_64
sssd-winbind-idmap-1.16.2-13.amzn1.x86_64