4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.4%
CentOS Errata and Security Advisory CESA-2018:1877
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.
The ding-libs packages contain a set of libraries used by the System Security Services Daemon (SSSD) as well as other projects, and provide functions to manipulate file system path names (libpath_utils), a hash table to manage storage and access time properties (libdhash), a data type to collect data in a hierarchical structure (libcollection), a dynamically growing, reference-counted array (libref_array), and a library to process configuration files in initialization format (INI) into a library collection data structure (libini_config).
Security Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Sumit Bose (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2018-June/031515.html
https://lists.centos.org/pipermail/centos-cr-announce/2018-June/031570.html
Affected packages:
libbasicobjects
libbasicobjects-devel
libcollection
libcollection-devel
libdhash
libdhash-devel
libini_config
libini_config-devel
libipa_hbac
libipa_hbac-devel
libpath_utils
libpath_utils-devel
libref_array
libref_array-devel
libsss_idmap
libsss_idmap-devel
libsss_nss_idmap
libsss_nss_idmap-devel
libsss_simpleifp
libsss_simpleifp-devel
python-libipa_hbac
python-libsss_nss_idmap
python-sss
python-sss-murmur
python-sssdconfig
sssd
sssd-ad
sssd-client
sssd-common
sssd-common-pac
sssd-dbus
sssd-ipa
sssd-krb5
sssd-krb5-common
sssd-ldap
sssd-proxy
sssd-tools
Upstream details at:
https://access.redhat.com/errata/RHSA-2018:1877
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | libbasicobjects | < 0.1.1-13.el6 | libbasicobjects-0.1.1-13.el6.i686.rpm |
CentOS | 6 | i686 | libbasicobjects-devel | < 0.1.1-13.el6 | libbasicobjects-devel-0.1.1-13.el6.i686.rpm |
CentOS | 6 | i686 | libcollection | < 0.6.2-13.el6 | libcollection-0.6.2-13.el6.i686.rpm |
CentOS | 6 | i686 | libcollection-devel | < 0.6.2-13.el6 | libcollection-devel-0.6.2-13.el6.i686.rpm |
CentOS | 6 | i686 | libdhash | < 0.4.3-13.el6 | libdhash-0.4.3-13.el6.i686.rpm |
CentOS | 6 | i686 | libdhash-devel | < 0.4.3-13.el6 | libdhash-devel-0.4.3-13.el6.i686.rpm |
CentOS | 6 | i686 | libini_config | < 1.1.0-13.el6 | libini_config-1.1.0-13.el6.i686.rpm |
CentOS | 6 | i686 | libini_config-devel | < 1.1.0-13.el6 | libini_config-devel-1.1.0-13.el6.i686.rpm |
CentOS | 6 | i686 | libpath_utils | < 0.2.1-13.el6 | libpath_utils-0.2.1-13.el6.i686.rpm |
CentOS | 6 | i686 | libpath_utils-devel | < 0.2.1-13.el6 | libpath_utils-devel-0.2.1-13.el6.i686.rpm |
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.4%