Overview

File _patchinfo of Package patchinfo.3328

<patchinfo incident="3328">
  <packager>guohouzuo</packager>
  <issue tracker="bnc" id="1004220">sssd missing logrotate</issue>
  <issue tracker="bnc" id="880245">VUL-1: CVE-2014-0249: sssd: incorrect expansion of group membership when encountering a non-POSIX group</issue>
  <issue tracker="bnc" id="993582">L3: statically compiled binary crashes when loading libpthread</issue>
  <issue tracker="cve" id="2014-0249"></issue>
  <issue tracker="bnc" id="1002973">L3-Question: sssd sudoOrder not honored as expected</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for sssd</summary>
  <description>
This update for sssd fixes one security issue and three bugs.

The following vulnerability was fixed:

- CVE-2014-0249: Incorrect expansion of group membership when encountering a non-POSIX group.
  (bsc#880245)

The following non-security fixes were also included:

- Prevent crashes of statically linked binaries using getpwuid when sssd is used and nscd is
  turned off or has caching disabled. (bsc#993582)
- Add logrotate configuration to prevent log files from growing too large when running with
  debug mode enabled. (bsc#1004220)
- Order sudo rules by the same logic used by the native LDAP support from sudo. (bsc#1002973)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places