sssd security and bug fix update

2013-10-06T00:00:00
ID ELSA-2013-1319
Type oraclelinux
Reporter Oracle
Modified 2013-10-06T00:00:00

Description

[1.5.1-70] - Fix IPA provider performance issue when storing large host groups - Resolves: rhbz#979047 - sssd_be goes to 99% CPU and causes significant login delays when client is under load

[1.5.1-69] - Fix startup with a broken configuration - Resolves: rhbz#974036 - sssd core process keeps running after backends quit

[1.5.1-68] - Add a forgotten break in a switch statement - Related: rhbz#886165 - sssd will stop functioning correctly if sssd_be hangs for a while

[1.5.1-67] - Fix initialization of the paging control - Related: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts cache repeatedly

[1.5.1-66] - Resolves: rhbz#961680 - sssd components seem to mishandle sighup

[1.5.1-65] - Resolves: rhbz#959838 - CVE-2013-0219 sssd: TOCTOU race conditions by copying and removing directory trees

[1.5.1-64] - Free the LDAP control when following referrals - Resolves: rhbz#820908 - SSSD stops working due to memory problems

[1.5.1-63] - Restart services with a timeout in case they are restarted too often - Resolves: rhbz#950156 - sssd dead but pid file exists after heavy load presented

[1.5.1-62] - Use the LDAP paging control more sparingly - Related: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts cache repeatedly

[1.5.1-61] - Resolves: rhbz#886165 - sssd segfaults (sssd_be & sssd_pam) and corrupts cache repeatedly

[1.5.1-60] - Resolves: rhbz#886165 - sssd will stop functioning correctly if sssd_be hangs for a while

[1.5.1-59] - Process pending requests on PAM reconnect - Resolves: rhbz#882414 - sssd will stop perform LDAP requests for user lookup (nss), authorization, and authentication

[1.5.1-58] - Initialize hbac_ctx to NULL - Resolves: rhbz#850722

[1.5.1-57] - Process all groups from a single nesting level - Resolves: rhbz#846664 - Backport the option to disable srchost processing - Resolves: rhbz#841677

[1.5.1-56] - Require libgssapiv2.so to pull in cyrus-sasl-gssapi - Resolves: rhbz#786443

[1.5.1-55] - Rebuild against newer libtdb - Related: rhbz#838130 - SSSD needs to be rebuilt against newer libtdb

[1.5.1-54] - Resolves: rhbz#797272 - sssd-1.5.1-37.el5 needs a dependency to dbus >= 1.1 - Resolves: rhbz#797300 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#833169 - Add support for terminating idle connections in sssd_nss - Resolves: rhbz#783081 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#786443 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#827469 - Unable to lookup user, group, netgroup aliases with case_sensitive=false

[1.5.1-53] - Resolves: rhbz#826237 - sssd_be segfaulting with IPA backend

[1.5.1-52] - Resolves: rhbz#817073 - sssd fails to use the last AD server if other AD servers are not reachable - Resolves: rhbz#828190 - Infinite loop checking Kerberos credentials

[1.5.1-51] - Resolves: rhbz#815154 - Raise limits for max num of files sssd_nss/sssd_pam can use

[1.5.1-50] - Add the ability to disable the LDAP simple paging control - Resolves: rhbz#782221 - Intermittent LDAP paging errors