Revision Date: | 2017-08-01 | Version: | 638 |
Title: | RHSA-2017:2285: authconfig security, bug fix, and enhancement update (Moderate) |
Description: | The authconfig packages contain a command-line utility and a GUI application that can configure a workstation to be a client for certain network user information, authentication schemes, and other user information and authentication-related options.
Security Fix(es):
A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information about the existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. (CVE-2017-7488)
This issue was discovered by Tomas Mraz (Red Hat) and Thorsten Scherf (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | CVE-2017-7488, RHSA-2017:2285, RHSA-2017:2285-02
|
Platform(s): | Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5)
| Product(s): | |
Definition Synopsis |
Red Hat Enterprise Linux must be installed
OR Package Information
Red Hat Enterprise Linux 7 is installed
AND
authconfig is earlier than 0:6.2.8-30.el7
AND authconfig is signed with Red Hat redhatrelease2 key
authconfig-gtk is earlier than 0:6.2.8-30.el7
AND authconfig-gtk is signed with Red Hat redhatrelease2 key
|
Definition Synopsis |
Release Information
Red Hat Enterprise Linux 7 Client is installed
OR Red Hat Enterprise Linux 7 Server is installed
OR Red Hat Enterprise Linux 7 Workstation is installed
OR Red Hat Enterprise Linux 7 ComputeNode is installed
AND Package Information
authconfig-gtk is earlier than 0:6.2.8-30.el7
AND authconfig-gtk is signed with Red Hat redhatrelease2 key
OR
authconfig is earlier than 0:6.2.8-30.el7
AND authconfig is signed with Red Hat redhatrelease2 key
|