Updated sssd packages fix security vulnerability
Publication date: 23 Aug 2018Modification date: 23 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10852
Description
Updated sssd packages fix security vulnerability: The UNIX socket that is used for communication between the sudo utility and the sssd-sudo responder had its permissions set to world-readable and writable, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user (CVE-2018-10852).
References
SRPMS
6/core
- sssd-1.13.4-9.2.mga6