CESA-2015:2019 -- centos 6 sssd
ID: oval:org.secpod.oval:def:203768 | Date: (C)2015-11-17 (M)2023-07-28 |
Class: PATCH | Family: unix |
The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

It was found that SSSD's Privilege Attribute Certificate responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in.

This update also fixes the following bugs:

* Previously, SSSD did not correctly handle sudo rules that applied to groups with names containing special characters, such as the "