Description
ELSA-2021-3336: sssd security and bug fix update (IMPORTANT)
[1.16.5-10.0.1]
- Revert Redhat's change of disallowing duplicated incomplete gid when 'id_provider=ldap' is used, which caused regression in AD environment. [Orabug: 29286774] [Doc ID 2605732.1]
[1.16.5-10.10]
- Resolves: rhbz#1973796 - SSSD is NOT able to contact the Global Catalog when local site is down
[1.16.5-10.9]
- Resolves: rhbz#1988463 - Missing search index for [rhel-7.9.z]
- Resolves: rhbz#1968330 - id lookup is failing intermittently
- Resolves: rhbz#1964415 - Memory leak in the simple access provider
- Resolves: rhbz#1985457 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-7.9.z]
Updated packages
Oracle Linux 7
Oracle Linux aarch64
libipa_hbac 1.16.5-10.0.1.el7_9.10
libipa_hbac-devel 1.16.5-10.0.1.el7_9.10
libsss_autofs 1.16.5-10.0.1.el7_9.10
libsss_certmap 1.16.5-10.0.1.el7_9.10
libsss_certmap-devel 1.16.5-10.0.1.el7_9.10
libsss_idmap 1.16.5-10.0.1.el7_9.10
libsss_idmap-devel 1.16.5-10.0.1.el7_9.10
libsss_nss_idmap 1.16.5-10.0.1.el7_9.10
libsss_nss_idmap-devel 1.16.5-10.0.1.el7_9.10
libsss_simpleifp 1.16.5-10.0.1.el7_9.10
libsss_simpleifp-devel 1.16.5-10.0.1.el7_9.10
libsss_sudo 1.16.5-10.0.1.el7_9.10
python-libipa_hbac 1.16.5-10.0.1.el7_9.10
python-libsss_nss_idmap 1.16.5-10.0.1.el7_9.10
python-sss 1.16.5-10.0.1.el7_9.10
python-sss-murmur 1.16.5-10.0.1.el7_9.10
python-sssdconfig 1.16.5-10.0.1.el7_9.10
sssd 1.16.5-10.0.1.el7_9.10
sssd-ad 1.16.5-10.0.1.el7_9.10
sssd-client 1.16.5-10.0.1.el7_9.10
sssd-common 1.16.5-10.0.1.el7_9.10
sssd-common-pac 1.16.5-10.0.1.el7_9.10
sssd-dbus 1.16.5-10.0.1.el7_9.10
sssd-ipa 1.16.5-10.0.1.el7_9.10
sssd-kcm 1.16.5-10.0.1.el7_9.10
sssd-krb5 1.16.5-10.0.1.el7_9.10
sssd-krb5-common 1.16.5-10.0.1.el7_9.10
sssd-ldap 1.16.5-10.0.1.el7_9.10
sssd-libwbclient 1.16.5-10.0.1.el7_9.10
sssd-libwbclient-devel 1.16.5-10.0.1.el7_9.10
sssd-polkit-rules 1.16.5-10.0.1.el7_9.10
sssd-proxy 1.16.5-10.0.1.el7_9.10
sssd-tools 1.16.5-10.0.1.el7_9.10
sssd-winbind-idmap 1.16.5-10.0.1.el7_9.10
Oracle Linux x86_64
libipa_hbac 1.16.5-10.0.1.el7_9.10
libipa_hbac-devel 1.16.5-10.0.1.el7_9.10
libsss_autofs 1.16.5-10.0.1.el7_9.10
libsss_certmap 1.16.5-10.0.1.el7_9.10
libsss_certmap-devel 1.16.5-10.0.1.el7_9.10
libsss_idmap 1.16.5-10.0.1.el7_9.10
libsss_idmap-devel 1.16.5-10.0.1.el7_9.10
libsss_nss_idmap 1.16.5-10.0.1.el7_9.10
libsss_nss_idmap-devel 1.16.5-10.0.1.el7_9.10
libsss_simpleifp 1.16.5-10.0.1.el7_9.10
libsss_simpleifp-devel 1.16.5-10.0.1.el7_9.10
libsss_sudo 1.16.5-10.0.1.el7_9.10
python-libipa_hbac 1.16.5-10.0.1.el7_9.10
python-libsss_nss_idmap 1.16.5-10.0.1.el7_9.10
python-sss 1.16.5-10.0.1.el7_9.10
python-sss-murmur 1.16.5-10.0.1.el7_9.10
python-sssdconfig 1.16.5-10.0.1.el7_9.10
sssd 1.16.5-10.0.1.el7_9.10
sssd-ad 1.16.5-10.0.1.el7_9.10
sssd-client 1.16.5-10.0.1.el7_9.10
sssd-common 1.16.5-10.0.1.el7_9.10
sssd-common-pac 1.16.5-10.0.1.el7_9.10
sssd-dbus 1.16.5-10.0.1.el7_9.10
sssd-ipa 1.16.5-10.0.1.el7_9.10
sssd-kcm 1.16.5-10.0.1.el7_9.10
sssd-krb5 1.16.5-10.0.1.el7_9.10
sssd-krb5-common 1.16.5-10.0.1.el7_9.10
sssd-ldap 1.16.5-10.0.1.el7_9.10
sssd-libwbclient 1.16.5-10.0.1.el7_9.10
sssd-libwbclient-devel 1.16.5-10.0.1.el7_9.10
sssd-polkit-rules 1.16.5-10.0.1.el7_9.10
sssd-proxy 1.16.5-10.0.1.el7_9.10
sssd-tools 1.16.5-10.0.1.el7_9.10
sssd-winbind-idmap 1.16.5-10.0.1.el7_9.10
Related CVEs
Related vulnerabilities
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.