Oval Definition:	oval:com.redhat.rhsa:def:20172285
Revision Date: 2017-08-01 Version: 638 Title: RHSA-2017:2285: authconfig security, bug fix, and enhancement update (Moderate) Description: The authconfig packages contain a command-line utility and a GUI application that can configure a workstation to be a client for certain network user information, authentication schemes, and other user information and authentication-related options. Security Fix(es): A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. (CVE-2017-7488) This issue was discovered by Tomas Mraz (Red Hat) and Thorsten Scherf (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. Family: unix Class: patch Status: Reference(s): CVE-2017-7488 RHSA-2017:2285 RHSA-2017:2285-02 Platform(s): Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5) Product(s): Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 7 is installed AND authconfig is earlier than 0:6.2.8-30.el7 AND authconfig is signed with Red Hat redhatrelease2 key authconfig-gtk is earlier than 0:6.2.8-30.el7 AND authconfig-gtk is signed with Red Hat redhatrelease2 key Definition Synopsis Release Information Red Hat Enterprise Linux 7 Client is installed OR Red Hat Enterprise Linux 7 Server is installed OR Red Hat Enterprise Linux 7 Workstation is installed OR Red Hat Enterprise Linux 7 ComputeNode is installed AND Package Information authconfig-gtk is earlier than 0:6.2.8-30.el7 AND authconfig-gtk is signed with Red Hat redhatrelease2 key OR authconfig is earlier than 0:6.2.8-30.el7 AND authconfig is signed with Red Hat redhatrelease2 key
BACK