| Summary: | sssd new security issue CVE-2019-3811 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, bruno, davidwhodgins, geiger.david68210, herman.viaene, marja11, nicolas.salguero, sysadmin-bugs |
| Version: | 6 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK | ||
| Source RPM: | sssd-1.13.4-9.4.mga6.src.rpm | CVE: | CVE-2019-3811 |
| Status comment: | |||
| Bug Depends on: | 24478 | ||
| Bug Blocks: | |||
Description
David Walser
2019-03-13 20:11:40 CET
David Walser
2019-03-13 20:11:46 CET
Whiteboard: (none) => MGA6TOO

Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing two submitters.

Assignee: bugsquad => pkg-bugs

openSUSE has issued an advisory for this today (March 18):
https://lists.opensuse.org/opensuse-updates/2019-03/msg00075.html

Hi,

For Cauldron, sssd-1.16.3-3.mga7 should solve that issue.

Best regards,

Nico.

CC: (none) => nicolas.salguero
David Walser
2019-03-25 21:23:30 CET
Version: Cauldron => 6

Suggested advisory:
========================

The updated packages fix a security vulnerability:

If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. (CVE-2019-3811)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3811
http://lists.suse.com/pipermail/sle-security-updates/2019-March/005173.html
https://lists.opensuse.org/opensuse-updates/2019-03/msg00075.html
========================

Updated packages in core/updates_testing:
========================
sssd-1.13.4-9.5.mga6
sssd-common-1.13.4-9.5.mga6
sssd-client-1.13.4-9.5.mga6
libsss_sudo-1.13.4-9.5.mga6
libsss_autofs-1.13.4-9.5.mga6
sssd-tools-1.13.4-9.5.mga6
python-sssdconfig-1.13.4-9.5.mga6
python3-sssdconfig-1.13.4-9.5.mga6
python-sss-1.13.4-9.5.mga6
python3-sss-1.13.4-9.5.mga6
python-sss-murmur-1.13.4-9.5.mga6
python3-sss-murmur-1.13.4-9.5.mga6
sssd-ldap-1.13.4-9.5.mga6
sssd-krb5-common-1.13.4-9.5.mga6
sssd-krb5-1.13.4-9.5.mga6
sssd-common-pac-1.13.4-9.5.mga6
sssd-ipa-1.13.4-9.5.mga6
sssd-ad-1.13.4-9.5.mga6
sssd-proxy-1.13.4-9.5.mga6
libsss_idmap-1.13.4-9.5.mga6
libsss_idmap-devel-1.13.4-9.5.mga6
libipa_hbac-1.13.4-9.5.mga6
libipa_hbac-devel-1.13.4-9.5.mga6
python-libipa_hbac-1.13.4-9.5.mga6
python3-libipa_hbac-1.13.4-9.5.mga6
libsss_nss_idmap-1.13.4-9.5.mga6
libsss_nss_idmap-devel-1.13.4-9.5.mga6
python-libsss_nss_idmap-1.13.4-9.5.mga6
python3-libsss_nss_idmap-1.13.4-9.5.mga6
sssd-dbus-1.13.4-9.5.mga6
libsss_simpleifp-1.13.4-9.5.mga6
libsss_simpleifp-devel-1.13.4-9.5.mga6
sssd-libwbclient-1.13.4-9.5.mga6
sssd-libwbclient-devel-1.13.4-9.5.mga6

from SRPMS:
sssd-1.13.4-9.5.mga6.src.rpm

Assignee: pkg-bugs => qa-bugs

MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Provided a /etc/sssd/sssd.conf file as in bug 23381 Comment 10, and then at CLI:
# systemctl start sssd
# systemctl -l status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: active (running) since di 2019-04-16 13:56:32 CEST; 4s ago
  Process: 3048 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=0/SUCCESS)
 Main PID: 3049 (sssd)
   CGroup: /system.slice/sssd.service
           ├─3049 /usr/sbin/sssd -D -f
           └─3050 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files

apr 16 13:56:31 mach6.hviaene.thuis systemd[1]: Starting System Security Services Daemon...
apr 16 13:56:32 mach6.hviaene.thuis sssd[3049]: Starting up
apr 16 13:56:32 mach6.hviaene.thuis sssd[pam][3050]: Starting up
apr 16 13:56:32 mach6.hviaene.thuis systemd[1]: Started System Security Services Daemon.
# sss_useradd prutser
# sss_groupshow prutser
Magic Private Groep: prutser
GID nummer: 1000
Lid gebruikers:
Is lid van:
Lid groepen:

Looks OK.

CC: (none) => herman.viaene
David Walser
2019-04-16 14:20:56 CEST
Depends on: (none) => 24478

Validating. Advisory in Comment 4.

Keywords: (none) => validated_update
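
The suggested advisory in this report says the impact falls on services that confine a user to their home directory with chroot(). The following is an added example, not part of the bug report and not sssd or Mageia code: a check such a service could run on the pw_dir value it gets from NSS before calling chroot(). The function name, the enum and the device/inode comparison against "/" are assumptions made for this illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical verdicts for a home directory about to be used as a chroot() target. */
enum home_verdict {
    HOME_OK = 0,
    HOME_MISSING,       /* NULL or "": the account has no home directory */
    HOME_NOT_ABSOLUTE,  /* relative path, its meaning depends on the cwd */
    HOME_UNUSABLE,      /* does not exist or is not a directory */
    HOME_IS_ROOT        /* resolves to "/": a chroot here confines nothing */
};

/* Hypothetical helper: vet pw_dir before a service calls chroot(pw_dir). */
enum home_verdict check_chroot_home(const char *home)
{
    struct stat root_st, home_st;

    if (home == NULL || home[0] == '\0')
        return HOME_MISSING;
    if (home[0] != '/')
        return HOME_NOT_ABSOLUTE;
    /* stat() follows symlinks, so "/", "//", "/." and a symlink to "/"
     * are all caught by comparing device and inode with the real root. */
    if (stat("/", &root_st) != 0 || stat(home, &home_st) != 0)
        return HOME_UNUSABLE;
    if (!S_ISDIR(home_st.st_mode))
        return HOME_UNUSABLE;
    if (home_st.st_dev == root_st.st_dev && home_st.st_ino == root_st.st_ino)
        return HOME_IS_ROOT;
    return HOME_OK;
}

int main(void)
{
    /* Constructed sample pw_dir values, not taken from the bug report. */
    const char *samples[] = { "", "/", "/./", "srv/ftp", "/no-such-dir-example" };
    static const char *names[] = { "ok", "missing", "not-absolute", "unusable", "is-root" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i][0] ? samples[i] : "(empty)",
               names[check_chroot_home(samples[i])]);
    return 0;
}
```

A service that treats every verdict other than HOME_OK as "do not chroot, refuse the session" stays confined whether the name service returns '' or '/' for an account without a home directory.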