Recommended update for adcli, sssd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1174-1 Final 1 1 2019-04-08T09:12:34Z current 2019-04-08T09:12:34Z 2019-04-08T09:12:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for adcli, sssd This update for adcli and sssd provides the following improvement: Security vulnerability fixed: - CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759) Other fixes: - Add an option to disable checking for trusted domains in the subdomains provider (bsc#1125617) - Clear pid file in corner cases (bsc#1127670) - Fix child unable to write to log file after SIGHUP (bsc#1127670) - Include adcli in SUSE Linux Enterprise 12 SP3 for sssd-ad. (fate#326619, bsc#1109849) The adcli enables sssd to do password renewal when using Active Directory. This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html E-Mail link for openSUSE-SU-2019:1174-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libipa_hbac-devel-1.13.4-15.1 libipa_hbac0-1.13.4-15.1 libsss_idmap-devel-1.13.4-15.1 libsss_idmap0-1.13.4-15.1 libsss_nss_idmap-devel-1.13.4-15.1 libsss_nss_idmap0-1.13.4-15.1 libsss_sudo-1.13.4-15.1 python-ipa_hbac-1.13.4-15.1 python-sss_nss_idmap-1.13.4-15.1 python-sssd-config-1.13.4-15.1 sssd-1.13.4-15.1 sssd-32bit-1.13.4-15.1 sssd-ad-1.13.4-15.1 sssd-ipa-1.13.4-15.1 sssd-krb5-1.13.4-15.1 sssd-krb5-common-1.13.4-15.1 sssd-ldap-1.13.4-15.1 sssd-proxy-1.13.4-15.1 sssd-tools-1.13.4-15.1 libipa_hbac-devel-1.13.4-15.1 as a component of openSUSE Leap 42.3 libipa_hbac0-1.13.4-15.1 as a component of openSUSE Leap 42.3 libsss_idmap-devel-1.13.4-15.1 as a component of openSUSE Leap 42.3 libsss_idmap0-1.13.4-15.1 as a component of openSUSE Leap 42.3 libsss_nss_idmap-devel-1.13.4-15.1 as a component of openSUSE Leap 42.3 libsss_nss_idmap0-1.13.4-15.1 as a component of openSUSE Leap 42.3 libsss_sudo-1.13.4-15.1 as a component of openSUSE Leap 42.3 python-ipa_hbac-1.13.4-15.1 as a component of openSUSE Leap 42.3 python-sss_nss_idmap-1.13.4-15.1 as a component of openSUSE Leap 42.3 python-sssd-config-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-32bit-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-ad-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-ipa-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-krb5-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-krb5-common-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-ldap-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-proxy-1.13.4-15.1 as a component of openSUSE Leap 42.3 sssd-tools-1.13.4-15.1 as a component of openSUSE Leap 42.3 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. CVE-2019-3811 openSUSE Leap 42.3:libipa_hbac-devel-1.13.4-15.1 openSUSE Leap 42.3:libipa_hbac0-1.13.4-15.1 openSUSE Leap 42.3:libsss_idmap-devel-1.13.4-15.1 openSUSE Leap 42.3:libsss_idmap0-1.13.4-15.1 openSUSE Leap 42.3:libsss_nss_idmap-devel-1.13.4-15.1 openSUSE Leap 42.3:libsss_nss_idmap0-1.13.4-15.1 openSUSE Leap 42.3:libsss_sudo-1.13.4-15.1 openSUSE Leap 42.3:python-ipa_hbac-1.13.4-15.1 openSUSE Leap 42.3:python-sss_nss_idmap-1.13.4-15.1 openSUSE Leap 42.3:python-sssd-config-1.13.4-15.1 openSUSE Leap 42.3:sssd-1.13.4-15.1 openSUSE Leap 42.3:sssd-32bit-1.13.4-15.1 openSUSE Leap 42.3:sssd-ad-1.13.4-15.1 openSUSE Leap 42.3:sssd-ipa-1.13.4-15.1 openSUSE Leap 42.3:sssd-krb5-1.13.4-15.1 openSUSE Leap 42.3:sssd-krb5-common-1.13.4-15.1 openSUSE Leap 42.3:sssd-ldap-1.13.4-15.1 openSUSE Leap 42.3:sssd-proxy-1.13.4-15.1 openSUSE Leap 42.3:sssd-tools-1.13.4-15.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html https://www.suse.com/security/cve/CVE-2019-3811.html CVE-2019-3811 https://bugzilla.suse.com/1121759 SUSE Bug 1121759