ALAS-2019-1307


Amazon Linux AMI Security Advisory: ALAS-2019-1307
Advisory Release Date: 2019-10-09 23:12 Pacific
Severity: Medium

Issue Overview:

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838 )

A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot().(CVE-2019-3811 )


Affected Packages:

sssd


Issue Correction:
Run yum update sssd to update your system.

New Packages:
i686:
    sssd-libwbclient-1.16.4-21.25.amzn1.i686
    libsss_sudo-1.16.4-21.25.amzn1.i686
    sssd-winbind-idmap-1.16.4-21.25.amzn1.i686
    sssd-ldap-1.16.4-21.25.amzn1.i686
    libsss_simpleifp-1.16.4-21.25.amzn1.i686
    sssd-krb5-common-1.16.4-21.25.amzn1.i686
    sssd-dbus-1.16.4-21.25.amzn1.i686
    sssd-common-pac-1.16.4-21.25.amzn1.i686
    sssd-libwbclient-devel-1.16.4-21.25.amzn1.i686
    libsss_certmap-devel-1.16.4-21.25.amzn1.i686
    libsss_simpleifp-devel-1.16.4-21.25.amzn1.i686
    python27-libsss_nss_idmap-1.16.4-21.25.amzn1.i686
    sssd-common-1.16.4-21.25.amzn1.i686
    libsss_autofs-1.16.4-21.25.amzn1.i686
    sssd-tools-1.16.4-21.25.amzn1.i686
    sssd-ipa-1.16.4-21.25.amzn1.i686
    sssd-ad-1.16.4-21.25.amzn1.i686
    python27-sss-1.16.4-21.25.amzn1.i686
    libsss_idmap-1.16.4-21.25.amzn1.i686
    sssd-1.16.4-21.25.amzn1.i686
    libipa_hbac-1.16.4-21.25.amzn1.i686
    sssd-client-1.16.4-21.25.amzn1.i686
    libipa_hbac-devel-1.16.4-21.25.amzn1.i686
    libsss_nss_idmap-1.16.4-21.25.amzn1.i686
    sssd-proxy-1.16.4-21.25.amzn1.i686
    sssd-debuginfo-1.16.4-21.25.amzn1.i686
    libsss_certmap-1.16.4-21.25.amzn1.i686
    libsss_idmap-devel-1.16.4-21.25.amzn1.i686
    python27-libipa_hbac-1.16.4-21.25.amzn1.i686
    sssd-krb5-1.16.4-21.25.amzn1.i686
    libsss_nss_idmap-devel-1.16.4-21.25.amzn1.i686
    python27-sss-murmur-1.16.4-21.25.amzn1.i686

noarch:
    python27-sssdconfig-1.16.4-21.25.amzn1.noarch

src:
    sssd-1.16.4-21.25.amzn1.src

x86_64:
    sssd-tools-1.16.4-21.25.amzn1.x86_64
    sssd-ipa-1.16.4-21.25.amzn1.x86_64
    sssd-krb5-1.16.4-21.25.amzn1.x86_64
    libsss_simpleifp-devel-1.16.4-21.25.amzn1.x86_64
    sssd-winbind-idmap-1.16.4-21.25.amzn1.x86_64
    sssd-1.16.4-21.25.amzn1.x86_64
    sssd-libwbclient-devel-1.16.4-21.25.amzn1.x86_64
    libsss_idmap-1.16.4-21.25.amzn1.x86_64
    libsss_nss_idmap-devel-1.16.4-21.25.amzn1.x86_64
    libipa_hbac-1.16.4-21.25.amzn1.x86_64
    sssd-debuginfo-1.16.4-21.25.amzn1.x86_64
    libipa_hbac-devel-1.16.4-21.25.amzn1.x86_64
    libsss_nss_idmap-1.16.4-21.25.amzn1.x86_64
    libsss_sudo-1.16.4-21.25.amzn1.x86_64
    python27-libsss_nss_idmap-1.16.4-21.25.amzn1.x86_64
    python27-sss-murmur-1.16.4-21.25.amzn1.x86_64
    libsss_autofs-1.16.4-21.25.amzn1.x86_64
    sssd-common-pac-1.16.4-21.25.amzn1.x86_64
    sssd-ldap-1.16.4-21.25.amzn1.x86_64
    sssd-client-1.16.4-21.25.amzn1.x86_64
    python27-libipa_hbac-1.16.4-21.25.amzn1.x86_64
    sssd-libwbclient-1.16.4-21.25.amzn1.x86_64
    python27-sss-1.16.4-21.25.amzn1.x86_64
    sssd-krb5-common-1.16.4-21.25.amzn1.x86_64
    sssd-ad-1.16.4-21.25.amzn1.x86_64
    sssd-dbus-1.16.4-21.25.amzn1.x86_64
    libsss_certmap-1.16.4-21.25.amzn1.x86_64
    sssd-proxy-1.16.4-21.25.amzn1.x86_64
    sssd-common-1.16.4-21.25.amzn1.x86_64
    libsss_certmap-devel-1.16.4-21.25.amzn1.x86_64
    libsss_simpleifp-1.16.4-21.25.amzn1.x86_64
    libsss_idmap-devel-1.16.4-21.25.amzn1.x86_64