Accepting request 160207 from home:rhafer:branches:network:ldap

CVE-2013-0287 (bnc#809153) OBS-URL: https://build.opensuse.org/request/show/160207 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=91
2013-03-20 10:22:42 +00:00
parent 52a4425360
commit ee4fd091b3
6 changed files with 2338 additions and 1 deletions
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Mar 20 10:05:00 UTC 2013 - rhafer@suse.com
+
+- Fixed security issue: CVE-2013-0287 (bnc#809153):
+  When SSSD is configured as an Active Directory client by using
+  the new Active Directory provider or equivalent configuration
+  of the LDAP provider, the Simple Access Provider does not
+  handle access control correctly.  If any groups are specified
+  with the simple_deny_groups option, the group members are
+  permitted access. New patches:
+  * Provide-a-be_get_account_info_send-function.patch
+  * Add-unit-tests-for-simple-access-test-by-groups.patch
+  * Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch
+  * Resolve-GIDs-in-the-simple-access-provider.patch
+
 -------------------------------------------------------------------
 Tue Feb 26 08:29:43 UTC 2013 - jengelh@inai.de