Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:2763-1

Опубликовано: 10 авг. 2022
Источник: suse-cvrf

Описание

Security update for sssd

This update for sssd fixes the following issues:

  • CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand (bsc#1189492).

  • Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775)

  • Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common but baselibs.conf was not updated accordingly (bsc#1182058, bsc#1196166)

  • Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4
libipa_hbac-devel-2.5.2-150400.4.5.14
libipa_hbac0-2.5.2-150400.4.5.14
libsss_certmap-devel-2.5.2-150400.4.5.14
libsss_certmap0-2.5.2-150400.4.5.14
libsss_idmap-devel-2.5.2-150400.4.5.14
libsss_idmap0-2.5.2-150400.4.5.14
libsss_nss_idmap-devel-2.5.2-150400.4.5.14
libsss_nss_idmap0-2.5.2-150400.4.5.14
libsss_simpleifp-devel-2.5.2-150400.4.5.14
libsss_simpleifp0-2.5.2-150400.4.5.14
python3-sssd-config-2.5.2-150400.4.5.14
sssd-2.5.2-150400.4.5.14
sssd-ad-2.5.2-150400.4.5.14
sssd-common-2.5.2-150400.4.5.14
sssd-dbus-2.5.2-150400.4.5.14
sssd-ipa-2.5.2-150400.4.5.14
sssd-kcm-2.5.2-150400.4.5.14
sssd-krb5-2.5.2-150400.4.5.14
sssd-krb5-common-2.5.2-150400.4.5.14
sssd-ldap-2.5.2-150400.4.5.14
sssd-proxy-2.5.2-150400.4.5.14
sssd-tools-2.5.2-150400.4.5.14
sssd-winbind-idmap-2.5.2-150400.4.5.14
openSUSE Leap 15.4
libipa_hbac-devel-2.5.2-150400.4.5.14
libipa_hbac0-2.5.2-150400.4.5.14
libnfsidmap-sss-2.5.2-150400.4.5.14
libsss_certmap-devel-2.5.2-150400.4.5.14
libsss_certmap0-2.5.2-150400.4.5.14
libsss_idmap-devel-2.5.2-150400.4.5.14
libsss_idmap0-2.5.2-150400.4.5.14
libsss_nss_idmap-devel-2.5.2-150400.4.5.14
libsss_nss_idmap0-2.5.2-150400.4.5.14
libsss_simpleifp-devel-2.5.2-150400.4.5.14
libsss_simpleifp0-2.5.2-150400.4.5.14
python3-ipa_hbac-2.5.2-150400.4.5.14
python3-sss-murmur-2.5.2-150400.4.5.14
python3-sss_nss_idmap-2.5.2-150400.4.5.14
python3-sssd-config-2.5.2-150400.4.5.14
sssd-2.5.2-150400.4.5.14
sssd-ad-2.5.2-150400.4.5.14
sssd-common-2.5.2-150400.4.5.14
sssd-dbus-2.5.2-150400.4.5.14
sssd-ipa-2.5.2-150400.4.5.14
sssd-kcm-2.5.2-150400.4.5.14
sssd-krb5-2.5.2-150400.4.5.14
sssd-krb5-common-2.5.2-150400.4.5.14
sssd-ldap-2.5.2-150400.4.5.14
sssd-proxy-2.5.2-150400.4.5.14
sssd-tools-2.5.2-150400.4.5.14
sssd-winbind-idmap-2.5.2-150400.4.5.14

Ссылки

Описание

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:libipa_hbac-devel-2.5.2-150400.4.5.14
SUSE Linux Enterprise Module for Basesystem 15 SP4:libipa_hbac0-2.5.2-150400.4.5.14
SUSE Linux Enterprise Module for Basesystem 15 SP4:libsss_certmap-devel-2.5.2-150400.4.5.14
SUSE Linux Enterprise Module for Basesystem 15 SP4:libsss_certmap0-2.5.2-150400.4.5.14
Ссылки