ELSA-2021-3151

Published: 17 Aug 2021
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2021-3151: sssd security update (IMPORTANT)

[2.4.0-9.0.1]

  • Restore default debug level for sss_cache [Orabug: 32810448]
  • Restore default debug level for shadow-utils tools [Orabug: 32810448]
  • Revert Redhat's change of disallowing duplicated incomplete gid when 'id_provider=ldap' is used, which caused regression in AD environment. [Orabug: 29286774] [Doc ID 2605732.1]

[2.4.0-9.2]

  • Resolves: rhbz#1985456 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8.4.0.z]

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • libipa_hbac: 2.4.0-9.0.1.el8_4.2
  • libsss_autofs: 2.4.0-9.0.1.el8_4.2
  • libsss_certmap: 2.4.0-9.0.1.el8_4.2
  • libsss_idmap: 2.4.0-9.0.1.el8_4.2
  • libsss_nss_idmap: 2.4.0-9.0.1.el8_4.2
  • libsss_nss_idmap-devel: 2.4.0-9.0.1.el8_4.2
  • libsss_simpleifp: 2.4.0-9.0.1.el8_4.2
  • libsss_sudo: 2.4.0-9.0.1.el8_4.2
  • python3-libipa_hbac: 2.4.0-9.0.1.el8_4.2
  • python3-libsss_nss_idmap: 2.4.0-9.0.1.el8_4.2
  • python3-sss: 2.4.0-9.0.1.el8_4.2
  • python3-sss-murmur: 2.4.0-9.0.1.el8_4.2
  • python3-sssdconfig: 2.4.0-9.0.1.el8_4.2
  • sssd: 2.4.0-9.0.1.el8_4.2
  • sssd-ad: 2.4.0-9.0.1.el8_4.2
  • sssd-client: 2.4.0-9.0.1.el8_4.2
  • sssd-common: 2.4.0-9.0.1.el8_4.2
  • sssd-common-pac: 2.4.0-9.0.1.el8_4.2
  • sssd-dbus: 2.4.0-9.0.1.el8_4.2
  • sssd-ipa: 2.4.0-9.0.1.el8_4.2
  • sssd-kcm: 2.4.0-9.0.1.el8_4.2
  • sssd-krb5: 2.4.0-9.0.1.el8_4.2
  • sssd-krb5-common: 2.4.0-9.0.1.el8_4.2
  • sssd-ldap: 2.4.0-9.0.1.el8_4.2
  • sssd-libwbclient: 2.4.0-9.0.1.el8_4.2
  • sssd-nfs-idmap: 2.4.0-9.0.1.el8_4.2
  • sssd-polkit-rules: 2.4.0-9.0.1.el8_4.2
  • sssd-proxy: 2.4.0-9.0.1.el8_4.2
  • sssd-tools: 2.4.0-9.0.1.el8_4.2
  • sssd-winbind-idmap: 2.4.0-9.0.1.el8_4.2

Oracle Linux x86_64

  • libipa_hbac: 2.4.0-9.0.1.el8_4.2
  • libsss_autofs: 2.4.0-9.0.1.el8_4.2
  • libsss_certmap: 2.4.0-9.0.1.el8_4.2
  • libsss_idmap: 2.4.0-9.0.1.el8_4.2
  • libsss_nss_idmap: 2.4.0-9.0.1.el8_4.2
  • libsss_nss_idmap-devel: 2.4.0-9.0.1.el8_4.2
  • libsss_simpleifp: 2.4.0-9.0.1.el8_4.2
  • libsss_sudo: 2.4.0-9.0.1.el8_4.2
  • python3-libipa_hbac: 2.4.0-9.0.1.el8_4.2
  • python3-libsss_nss_idmap: 2.4.0-9.0.1.el8_4.2
  • python3-sss: 2.4.0-9.0.1.el8_4.2
  • python3-sss-murmur: 2.4.0-9.0.1.el8_4.2
  • python3-sssdconfig: 2.4.0-9.0.1.el8_4.2
  • sssd: 2.4.0-9.0.1.el8_4.2
  • sssd-ad: 2.4.0-9.0.1.el8_4.2
  • sssd-client: 2.4.0-9.0.1.el8_4.2
  • sssd-common: 2.4.0-9.0.1.el8_4.2
  • sssd-common-pac: 2.4.0-9.0.1.el8_4.2
  • sssd-dbus: 2.4.0-9.0.1.el8_4.2
  • sssd-ipa: 2.4.0-9.0.1.el8_4.2
  • sssd-kcm: 2.4.0-9.0.1.el8_4.2
  • sssd-krb5: 2.4.0-9.0.1.el8_4.2
  • sssd-krb5-common: 2.4.0-9.0.1.el8_4.2
  • sssd-ldap: 2.4.0-9.0.1.el8_4.2
  • sssd-libwbclient: 2.4.0-9.0.1.el8_4.2
  • sssd-nfs-idmap: 2.4.0-9.0.1.el8_4.2
  • sssd-polkit-rules: 2.4.0-9.0.1.el8_4.2
  • sssd-proxy: 2.4.0-9.0.1.el8_4.2
  • sssd-tools: 2.4.0-9.0.1.el8_4.2
  • sssd-winbind-idmap: 2.4.0-9.0.1.el8_4.2

Related CVEs

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 3 years ago

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS3: 6.7
redhat
almost 4 years ago

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS3: 8.8
nvd
more than 3 years ago

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS3: 8.8
debian
more than 3 years ago

A flaw was found in SSSD, where the sssctl command was vulnerable to s ...

suse-cvrf
almost 4 years ago

Security update for sssd