Ubuntu
freeipa package

Depend on libnss-sss and libpam-sss

Bug #1600513 reported by Marlin Cremers on 2016-07-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	freeipa (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Currently libnss-sss and libpam-sss are marked as recommended on the sssd-common package. This however causes issues on systems that have installing recommended packages turned off (which I noticed was enabled on a VPS).

The fact that those libaries are not installed means that the client install is not able to get a working setup running. It would probably be best if freeipa-client had a dependency on libnss-sss and libpam-nss as they're essentially necessary to get a working setup.

Tags:

CVE References

2016-5404

Revision history for this message

Philippe Clérié (pclerie) wrote on 2016-09-28:

I strongly concur. I was about to file a bug on that.

Also add: libsss-sudo.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-12-26:

This bug was fixed in the package freeipa - 4.3.2-5

---------------
freeipa (4.3.2-5) unstable; urgency=medium

  * fix-cve-2016-5404.diff: Fix permission check bypass (Closes: #835131)
    - CVE-2016-5404
  * ipa-kdb-support-dal-version-5-and-6.diff: Support mit-krb5 1.15.
    (Closes: #844114)

-- Timo Aaltonen <email address hidden> Sat, 03 Dec 2016 01:02:40 +0200

Changed in freeipa (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntufreeipa package