Описание
Security update for sssd
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization leads to GPO policies functioning inconsistently (bsc#1223100).
The following non-security bugs were fixed:
- Use the name from the cached entries when updating them to avoid capitalization problems (bsc#1223050).
- Extend sssctl command line tool to manage the cached GPOs; (jsc#PED-7677).
Список пакетов
Container suse/manager/5.0/x86_64/server:latest
libipa_hbac0-2.9.3-150600.3.3.1
libsss_certmap0-2.9.3-150600.3.3.1
libsss_idmap0-2.9.3-150600.3.3.1
libsss_nss_idmap0-2.9.3-150600.3.3.1
python3-sssd-config-2.9.3-150600.3.3.1
sssd-2.9.3-150600.3.3.1
sssd-ad-2.9.3-150600.3.3.1
sssd-dbus-2.9.3-150600.3.3.1
sssd-ipa-2.9.3-150600.3.3.1
sssd-krb5-2.9.3-150600.3.3.1
sssd-krb5-common-2.9.3-150600.3.3.1
sssd-ldap-2.9.3-150600.3.3.1
sssd-tools-2.9.3-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libipa_hbac-devel-2.9.3-150600.3.3.1
libipa_hbac0-2.9.3-150600.3.3.1
libsss_certmap-devel-2.9.3-150600.3.3.1
libsss_certmap0-2.9.3-150600.3.3.1
libsss_idmap-devel-2.9.3-150600.3.3.1
libsss_idmap0-2.9.3-150600.3.3.1
libsss_nss_idmap-devel-2.9.3-150600.3.3.1
libsss_nss_idmap0-2.9.3-150600.3.3.1
libsss_simpleifp-devel-2.9.3-150600.3.3.1
libsss_simpleifp0-2.9.3-150600.3.3.1
python3-sssd-config-2.9.3-150600.3.3.1
sssd-2.9.3-150600.3.3.1
sssd-32bit-2.9.3-150600.3.3.1
sssd-ad-2.9.3-150600.3.3.1
sssd-dbus-2.9.3-150600.3.3.1
sssd-ipa-2.9.3-150600.3.3.1
sssd-kcm-2.9.3-150600.3.3.1
sssd-krb5-2.9.3-150600.3.3.1
sssd-krb5-common-2.9.3-150600.3.3.1
sssd-ldap-2.9.3-150600.3.3.1
sssd-proxy-2.9.3-150600.3.3.1
sssd-tools-2.9.3-150600.3.3.1
sssd-winbind-idmap-2.9.3-150600.3.3.1
openSUSE Leap 15.6
libipa_hbac-devel-2.9.3-150600.3.3.1
libipa_hbac0-2.9.3-150600.3.3.1
libnfsidmap-sss-2.9.3-150600.3.3.1
libsss_certmap-devel-2.9.3-150600.3.3.1
libsss_certmap0-2.9.3-150600.3.3.1
libsss_idmap-devel-2.9.3-150600.3.3.1
libsss_idmap0-2.9.3-150600.3.3.1
libsss_nss_idmap-devel-2.9.3-150600.3.3.1
libsss_nss_idmap0-2.9.3-150600.3.3.1
libsss_simpleifp-devel-2.9.3-150600.3.3.1
libsss_simpleifp0-2.9.3-150600.3.3.1
python3-ipa_hbac-2.9.3-150600.3.3.1
python3-sss-murmur-2.9.3-150600.3.3.1
python3-sss_nss_idmap-2.9.3-150600.3.3.1
python3-sssd-config-2.9.3-150600.3.3.1
sssd-2.9.3-150600.3.3.1
sssd-ad-2.9.3-150600.3.3.1
sssd-dbus-2.9.3-150600.3.3.1
sssd-ipa-2.9.3-150600.3.3.1
sssd-kcm-2.9.3-150600.3.3.1
sssd-krb5-2.9.3-150600.3.3.1
sssd-krb5-common-2.9.3-150600.3.3.1
sssd-ldap-2.9.3-150600.3.3.1
sssd-proxy-2.9.3-150600.3.3.1
sssd-tools-2.9.3-150600.3.3.1
sssd-winbind-idmap-2.9.3-150600.3.3.1
Ссылки
- Link for SUSE-SU-2024:1941-1
- E-Mail link for SUSE-SU-2024:1941-1
- SUSE Security Ratings
- SUSE Bug 1223050
- SUSE Bug 1223100
- SUSE CVE CVE-2023-3758 page
Описание
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Затронутые продукты
Container suse/manager/5.0/x86_64/server:latest:libipa_hbac0-2.9.3-150600.3.3.1
Container suse/manager/5.0/x86_64/server:latest:libsss_certmap0-2.9.3-150600.3.3.1
Container suse/manager/5.0/x86_64/server:latest:libsss_idmap0-2.9.3-150600.3.3.1
Container suse/manager/5.0/x86_64/server:latest:libsss_nss_idmap0-2.9.3-150600.3.3.1
Ссылки
- CVE-2023-3758
- SUSE Bug 1223100