Advisories » MGASA-2018-0350

Updated sssd packages fix security vulnerability

Publication date: 23 Aug 2018
Modification date: 23 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10852

Description

Updated sssd packages fix security vulnerability:

The UNIX socket that is used for communication between the sudo utility
and the sssd-sudo responder had its permissions set to world-readable and
writable, which means that anyone who can send a message using the same
raw protocol that sudo and SSSD use can read the sudo rules available for
any user (CVE-2018-10852).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23381
• https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/XUCDLKDVH7HZKPSJ7GEJAVNZS5CW35EK/
• https://lists.opensuse.org/opensuse-updates/2018-08/msg00071.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10852

SRPMS

6/core

• sssd-1.13.4-9.2.mga6