Bugzilla – Bug 1121759
VUL-1: CVE-2019-3811: sssd: fallback_homedir returns '/' for empty home directories in passwd file
Last modified: 2020-06-23 17:16:39 UTC
An issue was found in SSSD. The default option for fallback_homedir returns '/' for empty home directories in the passwd file.

Upstream pull request:
https://github.com/SSSD/sssd/pull/703

Upstream Patch:
https://github.com/SSSD/sssd/pull/703/commits/fa0a6400ebd2f4056a057914355ec2ddefc14fe6
https://github.com/SSSD/sssd/pull/703/commits/fe11bd0d5b7dea9f1723c5a59ba0c47641802797

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1656618
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3811
This has been introduced with upstream commit 704cc1c7 and basically affects all released versions.
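A defensive check for the condition described in this bug, as an added example that is not part of the bug report or of SSSD's code: it lists the entries in a passwd-format file whose home directory field is empty. The names `audit_passwd` and `Finding` and the sample lines are constructed for illustration.

```python
"""Flag passwd-format entries whose home directory field is empty."""
import sys
from typing import Iterable, List, NamedTuple

# Constructed sample input in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
svc-backup:x:1001:1001:Backup service::/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
# comment line
broken:x:1003
nohome:x:1004:1004:::/sbin/nologin
"""


class Finding(NamedTuple):
    lineno: int
    name: str
    uid: str
    reason: str  # "empty-home" or "malformed"


def audit_passwd(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per entry with an empty home field or a bad field count."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split(":")
        if len(fields) != 7:
            # Not name:passwd:uid:gid:gecos:home:shell, so report it instead of guessing.
            findings.append(Finding(lineno, fields[0], "", "malformed"))
            continue
        name, _pw, uid, _gid, _gecos, home, _shell = fields
        if home.strip() == "":
            findings.append(Finding(lineno, name, uid, "empty-home"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            results = audit_passwd(fh)
    else:
        results = audit_passwd(SAMPLE_PASSWD.splitlines())
    for f in results:
        print(f"line {f.lineno}: {f.name} (uid {f.uid or '?'}): {f.reason}")
    sys.exit(1 if results else 0)
```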
SUSE-SU-2019:0542-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 1004220,1087320,1120852,1121759,1125277
CVE References: CVE-2019-3811
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): sssd-1.16.1-3.15.1
SUSE Linux Enterprise Module for Basesystem 15 (src): sssd-1.16.1-3.15.1

SUSE-SU-2019:0552-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 1039567,1082568,1121759,976038,977224
CVE References: CVE-2019-3811
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src): sssd-1.11.5.1-10.16.1

SUSE-SU-2019:0556-1: An update that solves two vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1004220,1087320,1098377,1120852,1121759
CVE References: CVE-2018-10852,CVE-2019-3811
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): sssd-1.16.1-4.3.2
SUSE Linux Enterprise Server 12-SP4 (src): sssd-1.16.1-4.3.2
SUSE Linux Enterprise Desktop 12-SP4 (src): sssd-1.16.1-4.3.2

SUSE-SU-2019:0805-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 1109849,1110121,1121759,1125617,1127670
CVE References: CVE-2019-3811
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): sssd-1.13.4-34.31.1
SUSE Linux Enterprise Server 12-SP3 (src): adcli-0.8.2-1.3.1, sssd-1.13.4-34.31.1
SUSE Linux Enterprise Desktop 12-SP3 (src): adcli-0.8.2-1.3.1, sssd-1.13.4-34.31.1
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:1174-1: An update that solves one vulnerability and has four fixes is now available.
Category: security (moderate)
Bug References: 1109849,1110121,1121759,1125617,1127670
CVE References: CVE-2019-3811
Sources used:
openSUSE Leap 42.3 (src): sssd-1.13.4-15.1
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
released