- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0164 - Bug Fix Advisory
Synopsis
sssd bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated sssd packages that fix several bugs and add various enhancements are now
available.
Description
The sssd packages contain a set of daemons to manage access to remote
directories and authentication mechanisms.
These updated sssd packages include numerous bug fixes and one enhancement.
Space precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Enterprise Linux 5.8 Technical Notes for information on
the most significant of these changes:
All users of SSSD should upgrade to these updated packages, which fix these bugs
and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 680443 - Dynamic DNS update fails if multiple servers are given in ipa_server config option
- BZ - 692455 - rfc2307bis groups are being enumerated even when the gidNumber is out of the range of min_id,max_id.
- BZ - 694580 - SSSD's man pages are missing information
- BZ - 698724 - kpasswd fails when using sssd and kadmin server != kdc server
- BZ - 700168 - Users with a local group as their primary GID are denied access by the simple access provider
- BZ - 707975 - Unable to authenticate users when username contains "\0"
- BZ - 707999 - The IPA provider does not work with IPv6
- BZ - 708104 - "renew_all_tgts" and "renew_handlers" messages are being logged multiple times when the provider comes back online.
- BZ - 709352 - Typo in negative cache notification for initgroups()
- BZ - 719107 - Native AD password policy attributes break shadow entries on forced password change, preventing login
- BZ - 748818 - SSSD not functional after "self" reboot
- BZ - 748820 - RFC2307bis initgroups calls are slow
- BZ - 748821 - [RFE] Support overriding attribute value
- BZ - 748822 - SSSD is not populating nested groups in Active Directory
- BZ - 748833 - latest sssd fails if ldap_default_authtok_type is not mentioned
- BZ - 748834 - IPA provider fails initgroups() if user is not a member of any group
- BZ - 748835 - SSSD's async resolver only tries the first nameserver in /etc/resolv.conf
- BZ - 748836 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured.
- BZ - 748837 - RFE: SSSD should support paged LDAP lookups
- BZ - 748842 - Include valid "ldap_uri" formats in sssd-ldap man page
- BZ - 748844 - sssd.$arch should require sssd-client.$arch
- BZ - 748846 - During the change password operation the ccache is not replaced by a new one if the old one isn't active anymore.
- BZ - 748847 - sssd shuts down if inotify crashes
- BZ - 748848 - libsss_ldap segfault at login against OpenLDAP
- BZ - 748849 - Certificate validation fails with message "Connection error: TLS: hostname does not match CN in peer certificate"
- BZ - 748853 - IPA dynamic DNS update mangles AAAA records
- BZ - 748854 - Remove DENY rules from the HBAC access provider
- BZ - 748855 - sssd_pam leaks file descriptors.
- BZ - 748856 - sssd doesn't honor ldap supportedControls
- BZ - 748857 - "groups user" and "finger gecos" fails
- BZ - 748858 - sssd does not handle kerberos server IP change
- BZ - 748860 - LDAP+GSSAPI needs explicit Kerberos realm
- BZ - 748861 - Provide a mechanism for vetoing the use of certain shells
- BZ - 748864 - SSSD taking 5 minutes to log in
- BZ - 748865 - When non-posix groups are skipped, initgroups returns random GID
- BZ - 748866 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
- BZ - 748867 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled
- BZ - 748869 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled.
- BZ - 748870 - sssd crashes during auth while there exists multiple external hosts along with managed host.
- BZ - 748872 - Authentication fails when there exists an empty hbacsvcgroup.
- BZ - 748873 - Improve password policy error message
- BZ - 748874 - Unable to enumerate rfc2307bis group with non-default attribute names.
- BZ - 748875 - SSSD should pick a user/group name when there are multi-valued names
- BZ - 748877 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid.
- BZ - 748878 - Lookup fails for non-primary usernames with multi-valued uid.
- BZ - 748879 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled.
- BZ - 748881 - Use an explicit base 10 when converting uidNumber to integer
- BZ - 748882 - Rework the example config
- BZ - 748883 - HBAC rule evaluation does not properly handle host groups
- BZ - 748893 - SSSD backend gets killed on slow systems
- BZ - 748895 - Only access sssd_nss internal hash table if it was initialized
- BZ - 748896 - sssd_pam segfaults on sssd restart
- BZ - 748897 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts.
- BZ - 748898 - SSSD can crash due to dbus server removing a UNIX socket
- BZ - 758168 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- BZ - 773327 - The full dyndns update message should be logged into debug logs
CVEs
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
sssd-1.5.1-49.el5.src.rpm | SHA-256: 91bfbfd99861d0546eacda71d2dc14ec160aaabb31e9a320cdf24c3ec4b8d6c3 |
x86_64 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-1.5.1-49.el5.x86_64.rpm | SHA-256: 119deb2b9bdb385b2cd6cc2eb2da8b303c353053d3ad739e6acaa242b8510c1f |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-devel-1.5.1-49.el5.x86_64.rpm | SHA-256: 90b4b20b0e099d39f7448b42156397eddb8ea8f01112d6e90b53035ebe5edd9d |
libipa_hbac-python-1.5.1-49.el5.x86_64.rpm | SHA-256: bc4677dc2d6cd9cbe9840ec21d71588247273568b8699d862dfabd5867a2a4df |
sssd-1.5.1-49.el5.x86_64.rpm | SHA-256: 1b0b186f4e3bcef7337dfc0632a6a5de62ede6e7341a9b0d7d004863ee1d0676 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-client-1.5.1-49.el5.x86_64.rpm | SHA-256: c0b0e541adad024705af5e3bf5bfc900166965732c2c4992c3ea727a84e4c068 |
sssd-tools-1.5.1-49.el5.x86_64.rpm | SHA-256: 4c62b40fa0f1937bd4b479beaca0fc3b44a25870fd8ecf7eac90cb8b6b2befea |
ia64 | |
libipa_hbac-1.5.1-49.el5.ia64.rpm | SHA-256: fafb6c2cc6047b5b37419fe7d78b9f400cef77a711c06bc8ff9c0215376fe08e |
libipa_hbac-devel-1.5.1-49.el5.ia64.rpm | SHA-256: 3949fd50a541b3445384deaabfe55452e7e315402f99bd770800097e268b72a3 |
libipa_hbac-python-1.5.1-49.el5.ia64.rpm | SHA-256: c2a062c697b8a11111b889e6357a30bf16b6f6d5c17570d968dd1f255a5972bb |
sssd-1.5.1-49.el5.ia64.rpm | SHA-256: be8f19f9d2322c480b081326ce68f93f91c682d8462cbecc8a4ffd12bbc5cbb2 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-client-1.5.1-49.el5.ia64.rpm | SHA-256: 6e25c9e2dc614c1c1632072e527f829e98ecf16b1f3f943670c2547471d3d0e4 |
sssd-tools-1.5.1-49.el5.ia64.rpm | SHA-256: 14ad8ad092560ffd57d969e43494a4d6a74988e5e42ba2023885136435709857 |
i386 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-python-1.5.1-49.el5.i386.rpm | SHA-256: 454c3deaf31e9cd02a2a8318dce9611cffa8144cab97235b241a79dbaffdba97 |
sssd-1.5.1-49.el5.i386.rpm | SHA-256: c00e75a8022ee210eea03a379d6995f5426e1b62908c77cabd96db39df824034 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-tools-1.5.1-49.el5.i386.rpm | SHA-256: d56757b0cac04925ddb601bacf796e26b91d041e483a6ddbcdd06c2a6abbd309 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
sssd-1.5.1-49.el5.src.rpm | SHA-256: 91bfbfd99861d0546eacda71d2dc14ec160aaabb31e9a320cdf24c3ec4b8d6c3 |
x86_64 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-1.5.1-49.el5.x86_64.rpm | SHA-256: 119deb2b9bdb385b2cd6cc2eb2da8b303c353053d3ad739e6acaa242b8510c1f |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-devel-1.5.1-49.el5.x86_64.rpm | SHA-256: 90b4b20b0e099d39f7448b42156397eddb8ea8f01112d6e90b53035ebe5edd9d |
libipa_hbac-python-1.5.1-49.el5.x86_64.rpm | SHA-256: bc4677dc2d6cd9cbe9840ec21d71588247273568b8699d862dfabd5867a2a4df |
sssd-1.5.1-49.el5.x86_64.rpm | SHA-256: 1b0b186f4e3bcef7337dfc0632a6a5de62ede6e7341a9b0d7d004863ee1d0676 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-client-1.5.1-49.el5.x86_64.rpm | SHA-256: c0b0e541adad024705af5e3bf5bfc900166965732c2c4992c3ea727a84e4c068 |
sssd-tools-1.5.1-49.el5.x86_64.rpm | SHA-256: 4c62b40fa0f1937bd4b479beaca0fc3b44a25870fd8ecf7eac90cb8b6b2befea |
i386 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-python-1.5.1-49.el5.i386.rpm | SHA-256: 454c3deaf31e9cd02a2a8318dce9611cffa8144cab97235b241a79dbaffdba97 |
sssd-1.5.1-49.el5.i386.rpm | SHA-256: c00e75a8022ee210eea03a379d6995f5426e1b62908c77cabd96db39df824034 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-tools-1.5.1-49.el5.i386.rpm | SHA-256: d56757b0cac04925ddb601bacf796e26b91d041e483a6ddbcdd06c2a6abbd309 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
sssd-1.5.1-49.el5.src.rpm | SHA-256: 91bfbfd99861d0546eacda71d2dc14ec160aaabb31e9a320cdf24c3ec4b8d6c3 |
x86_64 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-1.5.1-49.el5.x86_64.rpm | SHA-256: 119deb2b9bdb385b2cd6cc2eb2da8b303c353053d3ad739e6acaa242b8510c1f |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-devel-1.5.1-49.el5.x86_64.rpm | SHA-256: 90b4b20b0e099d39f7448b42156397eddb8ea8f01112d6e90b53035ebe5edd9d |
libipa_hbac-python-1.5.1-49.el5.x86_64.rpm | SHA-256: bc4677dc2d6cd9cbe9840ec21d71588247273568b8699d862dfabd5867a2a4df |
sssd-1.5.1-49.el5.x86_64.rpm | SHA-256: 1b0b186f4e3bcef7337dfc0632a6a5de62ede6e7341a9b0d7d004863ee1d0676 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-client-1.5.1-49.el5.x86_64.rpm | SHA-256: c0b0e541adad024705af5e3bf5bfc900166965732c2c4992c3ea727a84e4c068 |
sssd-tools-1.5.1-49.el5.x86_64.rpm | SHA-256: 4c62b40fa0f1937bd4b479beaca0fc3b44a25870fd8ecf7eac90cb8b6b2befea |
i386 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-python-1.5.1-49.el5.i386.rpm | SHA-256: 454c3deaf31e9cd02a2a8318dce9611cffa8144cab97235b241a79dbaffdba97 |
sssd-1.5.1-49.el5.i386.rpm | SHA-256: c00e75a8022ee210eea03a379d6995f5426e1b62908c77cabd96db39df824034 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-tools-1.5.1-49.el5.i386.rpm | SHA-256: d56757b0cac04925ddb601bacf796e26b91d041e483a6ddbcdd06c2a6abbd309 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
sssd-1.5.1-49.el5.src.rpm | SHA-256: 91bfbfd99861d0546eacda71d2dc14ec160aaabb31e9a320cdf24c3ec4b8d6c3 |
s390x | |
libipa_hbac-1.5.1-49.el5.s390.rpm | SHA-256: 67ab146a52d34601ec897e0e94163c2b652478dfa7ec2780e3dd20dce3612b26 |
libipa_hbac-1.5.1-49.el5.s390x.rpm | SHA-256: 4c3c01ba4bbbb1c46998661d4c5a1e1939d97932d65cf2c03c9b20e50f6b5eaa |
libipa_hbac-devel-1.5.1-49.el5.s390.rpm | SHA-256: f5f7f208559d3b370cea2925714ae0e5ac824095d0db25ffa9d043e0814b7290 |
libipa_hbac-devel-1.5.1-49.el5.s390x.rpm | SHA-256: ad67981be7a49ed159d619118e4cd5e1172da0daef092aa4333eaf39f40dc14f |
libipa_hbac-python-1.5.1-49.el5.s390x.rpm | SHA-256: 677a223dfa03663f8a69484e16699ebc99972929fb2ce7d7dae0f4ba9ad794f3 |
sssd-1.5.1-49.el5.s390x.rpm | SHA-256: 4d90bae8b885ab2b4a329dd819b301161293dcf077ab4eafc8b292a389ab2685 |
sssd-client-1.5.1-49.el5.s390.rpm | SHA-256: c531933dbcb8d9790b44a0da69338b3fe2f6d25d1d4417c2d3e8cf3063d6cbb1 |
sssd-client-1.5.1-49.el5.s390x.rpm | SHA-256: 4cc94e3876f0ea8ed7b4f50f2ae56a933bb09f78befaba774b37533d606201a7 |
sssd-tools-1.5.1-49.el5.s390x.rpm | SHA-256: 6c1618ce9c8575593de2ddcccf71f4a6b85904dacd0590ff128c524c112b111c |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
sssd-1.5.1-49.el5.src.rpm | SHA-256: 91bfbfd99861d0546eacda71d2dc14ec160aaabb31e9a320cdf24c3ec4b8d6c3 |
ppc | |
libipa_hbac-1.5.1-49.el5.ppc.rpm | SHA-256: 91681c8320998fee527ddcccc1e11435359a7c7cce69b6c4101531ec59c438f8 |
libipa_hbac-1.5.1-49.el5.ppc64.rpm | SHA-256: 0316929e060f1f0828d01c90722db584a515c38feee32e7950220100a0c15173 |
libipa_hbac-devel-1.5.1-49.el5.ppc.rpm | SHA-256: 802895df79447516f6d73a70a71d32d042fa3e2acd307f7a5ab98a2faa62b008 |
libipa_hbac-devel-1.5.1-49.el5.ppc64.rpm | SHA-256: fdfa1eac3c2b57783896a01e5fc7eb707223d359e1d00e875462272532efbd62 |
libipa_hbac-python-1.5.1-49.el5.ppc.rpm | SHA-256: cb9c29d8137891478cff3d2f37304dd8558895ef2dab162575e813425c1ae496 |
sssd-1.5.1-49.el5.ppc.rpm | SHA-256: 570aa5bd20ad0eb39987a90a454da1cfa9b029cf058501ea004b61d5db82c386 |
sssd-client-1.5.1-49.el5.ppc.rpm | SHA-256: 4e9da4cd1714757dcdfa2b735aea5bff69899bead043c8fbefd9cdd3611dcb59 |
sssd-client-1.5.1-49.el5.ppc64.rpm | SHA-256: 97ddbdb229cb8087621ca204046e938bf529e52cb5fc668caeacba22fef47f91 |
sssd-tools-1.5.1-49.el5.ppc.rpm | SHA-256: 19f85ebbbd0c57d8b81a990e755f733d8886e3dcc13ae957d909d5962b275a99 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
sssd-1.5.1-49.el5.src.rpm | SHA-256: 91bfbfd99861d0546eacda71d2dc14ec160aaabb31e9a320cdf24c3ec4b8d6c3 |
x86_64 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-1.5.1-49.el5.x86_64.rpm | SHA-256: 119deb2b9bdb385b2cd6cc2eb2da8b303c353053d3ad739e6acaa242b8510c1f |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-devel-1.5.1-49.el5.x86_64.rpm | SHA-256: 90b4b20b0e099d39f7448b42156397eddb8ea8f01112d6e90b53035ebe5edd9d |
libipa_hbac-python-1.5.1-49.el5.x86_64.rpm | SHA-256: bc4677dc2d6cd9cbe9840ec21d71588247273568b8699d862dfabd5867a2a4df |
sssd-1.5.1-49.el5.x86_64.rpm | SHA-256: 1b0b186f4e3bcef7337dfc0632a6a5de62ede6e7341a9b0d7d004863ee1d0676 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-client-1.5.1-49.el5.x86_64.rpm | SHA-256: c0b0e541adad024705af5e3bf5bfc900166965732c2c4992c3ea727a84e4c068 |
sssd-tools-1.5.1-49.el5.x86_64.rpm | SHA-256: 4c62b40fa0f1937bd4b479beaca0fc3b44a25870fd8ecf7eac90cb8b6b2befea |
i386 | |
libipa_hbac-1.5.1-49.el5.i386.rpm | SHA-256: fe00079f7f7f375fc0ae8d0e193f3d77771a50a06205b53f1f13c9b2f6b8ba68 |
libipa_hbac-devel-1.5.1-49.el5.i386.rpm | SHA-256: 82651bf42d3ec0d1e118d2c836e6e024f3cc0c09741e06264c7222ce3aab8cd3 |
libipa_hbac-python-1.5.1-49.el5.i386.rpm | SHA-256: 454c3deaf31e9cd02a2a8318dce9611cffa8144cab97235b241a79dbaffdba97 |
sssd-1.5.1-49.el5.i386.rpm | SHA-256: c00e75a8022ee210eea03a379d6995f5426e1b62908c77cabd96db39df824034 |
sssd-client-1.5.1-49.el5.i386.rpm | SHA-256: 452998c3ea8828e5ad66ccf5d949524c0e68d273b812024f171f5af78ec75f14 |
sssd-tools-1.5.1-49.el5.i386.rpm | SHA-256: d56757b0cac04925ddb601bacf796e26b91d041e483a6ddbcdd06c2a6abbd309 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.