Issued:

2010-11-10

Updated:

2010-11-10

RHBA-2010:0852 - sssd bug fix update

Synopsis

sssd bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

An updated sssd package that addresses group assignment and multilib issues is now available for Red Hat Enterprise Linux 6.

Description

The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

These updated packages fix the following bugs:

• Previously, Kerberos applications running on the secondary architecture of a multilib platform (e.g. i686 on x86_64) would not be able to identify the Kerberos server for authentication. With this update, the Kerberos locator plugin is located in the sssd-client package to allow installation of both the 32-bit and 64-bit versions on 64-bit systems. (BZ#637070)

• Previously, users would not always be assigned to all initgroups for which they were a member in LDAP. This could cause several issues related to group-based permissions. With this update, the initgroups() call always returns all groups for the specified user. (BZ#642412)

• Previously, SSSD could remove legitimate groups that were only identified as a user's primary group when the cache cleanup routine ran. This could cause issues with group-based access control permissions such as access.conf and sudoers. With this update, SSSD checks also whether there are users who have this group as their primary group ID. (BZ#649312)

All SSSD users are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Updated Packages

• libdhash-devel-0.4.0-28.el6_0.2.x86_64.rpm
• sssd-debuginfo-1.2.1-28.el6_0.2.s390.rpm
• libcollection-devel-0.5.0-28.el6_0.2.s390.rpm
• libini_config-0.5.1-28.el6_0.2.s390.rpm
• libdhash-devel-0.4.0-28.el6_0.2.s390x.rpm
• libpath_utils-0.2.0-28.el6_0.2.ppc.rpm
• sssd-client-1.2.1-28.el6_0.2.ppc64.rpm
• libref_array-0.1.0-28.el6_0.2.s390.rpm
• sssd-debuginfo-1.2.1-28.el6_0.2.x86_64.rpm
• libdhash-0.4.0-28.el6_0.2.i686.rpm
• libref_array-devel-0.1.0-28.el6_0.2.s390.rpm
• libdhash-0.4.0-28.el6_0.2.s390x.rpm
• libpath_utils-0.2.0-28.el6_0.2.x86_64.rpm
• libref_array-0.1.0-28.el6_0.2.x86_64.rpm
• libref_array-devel-0.1.0-28.el6_0.2.x86_64.rpm
• libcollection-devel-0.5.0-28.el6_0.2.i686.rpm
• libref_array-0.1.0-28.el6_0.2.i686.rpm
• libpath_utils-0.2.0-28.el6_0.2.s390x.rpm
• sssd-debuginfo-1.2.1-28.el6_0.2.s390x.rpm
• libpath_utils-devel-0.2.0-28.el6_0.2.ppc.rpm
• libref_array-0.1.0-28.el6_0.2.ppc.rpm
• libdhash-0.4.0-28.el6_0.2.s390.rpm
• libdhash-0.4.0-28.el6_0.2.ppc64.rpm
• libdhash-0.4.0-28.el6_0.2.x86_64.rpm
• sssd-client-1.2.1-28.el6_0.2.i686.rpm
• libcollection-0.5.0-28.el6_0.2.i686.rpm
• libini_config-devel-0.5.1-28.el6_0.2.i686.rpm
• libpath_utils-devel-0.2.0-28.el6_0.2.i686.rpm
• sssd-1.2.1-28.el6_0.2.src.rpm
• libref_array-devel-0.1.0-28.el6_0.2.ppc64.rpm
• libpath_utils-0.2.0-28.el6_0.2.i686.rpm
• libini_config-devel-0.5.1-28.el6_0.2.x86_64.rpm
• libini_config-devel-0.5.1-28.el6_0.2.ppc64.rpm
• libdhash-0.4.0-28.el6_0.2.ppc.rpm
• libcollection-devel-0.5.0-28.el6_0.2.x86_64.rpm
• libcollection-devel-0.5.0-28.el6_0.2.ppc64.rpm
• libpath_utils-devel-0.2.0-28.el6_0.2.s390x.rpm
• libini_config-0.5.1-28.el6_0.2.ppc64.rpm
• sssd-client-1.2.1-28.el6_0.2.s390x.rpm
• libini_config-devel-0.5.1-28.el6_0.2.ppc.rpm
• libref_array-0.1.0-28.el6_0.2.ppc64.rpm
• sssd-1.2.1-28.el6_0.2.i686.rpm
• libini_config-devel-0.5.1-28.el6_0.2.s390x.rpm
• libref_array-0.1.0-28.el6_0.2.s390x.rpm
• libdhash-devel-0.4.0-28.el6_0.2.s390.rpm
• libini_config-0.5.1-28.el6_0.2.ppc.rpm
• libref_array-devel-0.1.0-28.el6_0.2.i686.rpm
• libcollection-devel-0.5.0-28.el6_0.2.ppc.rpm
• libref_array-devel-0.1.0-28.el6_0.2.ppc.rpm
• libini_config-0.5.1-28.el6_0.2.x86_64.rpm
• libcollection-0.5.0-28.el6_0.2.ppc.rpm
• libdhash-devel-0.4.0-28.el6_0.2.ppc64.rpm
• libcollection-0.5.0-28.el6_0.2.x86_64.rpm
• libpath_utils-devel-0.2.0-28.el6_0.2.ppc64.rpm
• sssd-debuginfo-1.2.1-28.el6_0.2.ppc64.rpm
• libcollection-0.5.0-28.el6_0.2.ppc64.rpm
• sssd-1.2.1-28.el6_0.2.ppc64.rpm
• sssd-1.2.1-28.el6_0.2.x86_64.rpm
• libini_config-devel-0.5.1-28.el6_0.2.s390.rpm
• libpath_utils-0.2.0-28.el6_0.2.s390.rpm
• sssd-client-1.2.1-28.el6_0.2.s390.rpm
• libpath_utils-devel-0.2.0-28.el6_0.2.x86_64.rpm
• sssd-debuginfo-1.2.1-28.el6_0.2.ppc.rpm
• libcollection-0.5.0-28.el6_0.2.s390x.rpm
• sssd-client-1.2.1-28.el6_0.2.ppc.rpm
• libini_config-0.5.1-28.el6_0.2.s390x.rpm
• libcollection-0.5.0-28.el6_0.2.s390.rpm
• libini_config-0.5.1-28.el6_0.2.i686.rpm
• libpath_utils-0.2.0-28.el6_0.2.ppc64.rpm
• libdhash-devel-0.4.0-28.el6_0.2.i686.rpm
• sssd-client-1.2.1-28.el6_0.2.x86_64.rpm
• libpath_utils-devel-0.2.0-28.el6_0.2.s390.rpm
• libcollection-devel-0.5.0-28.el6_0.2.s390x.rpm
• sssd-debuginfo-1.2.1-28.el6_0.2.i686.rpm
• sssd-1.2.1-28.el6_0.2.s390x.rpm
• libdhash-devel-0.4.0-28.el6_0.2.ppc.rpm
• libref_array-devel-0.1.0-28.el6_0.2.s390x.rpm

Fixes

• This content is not included.BZ - 637070
• This content is not included.BZ - 642412
• This content is not included.BZ - 649312

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.