Important: sssd

Issue Overview:

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3621)

Affected Packages:

sssd

Issue Correction:
Run yum update sssd to update your system.

New Packages:

i686:  
    sssd-libwbclient-devel-1.16.4-21.26.amzn1.i686  
    sssd-proxy-1.16.4-21.26.amzn1.i686  
    libsss_certmap-devel-1.16.4-21.26.amzn1.i686  
    libsss_certmap-1.16.4-21.26.amzn1.i686  
    sssd-winbind-idmap-1.16.4-21.26.amzn1.i686  
    sssd-ad-1.16.4-21.26.amzn1.i686  
    libsss_nss_idmap-devel-1.16.4-21.26.amzn1.i686  
    libsss_nss_idmap-1.16.4-21.26.amzn1.i686  
    sssd-dbus-1.16.4-21.26.amzn1.i686  
    sssd-krb5-common-1.16.4-21.26.amzn1.i686  
    libsss_sudo-1.16.4-21.26.amzn1.i686  
    libipa_hbac-devel-1.16.4-21.26.amzn1.i686  
    sssd-libwbclient-1.16.4-21.26.amzn1.i686  
    python27-libsss_nss_idmap-1.16.4-21.26.amzn1.i686  
    sssd-1.16.4-21.26.amzn1.i686  
    python27-sss-1.16.4-21.26.amzn1.i686  
    libsss_simpleifp-1.16.4-21.26.amzn1.i686  
    sssd-tools-1.16.4-21.26.amzn1.i686  
    libsss_autofs-1.16.4-21.26.amzn1.i686  
    python27-libipa_hbac-1.16.4-21.26.amzn1.i686  
    python27-sss-murmur-1.16.4-21.26.amzn1.i686  
    libsss_idmap-devel-1.16.4-21.26.amzn1.i686  
    libsss_simpleifp-devel-1.16.4-21.26.amzn1.i686  
    sssd-common-1.16.4-21.26.amzn1.i686  
    sssd-ipa-1.16.4-21.26.amzn1.i686  
    libsss_idmap-1.16.4-21.26.amzn1.i686  
    sssd-debuginfo-1.16.4-21.26.amzn1.i686  
    sssd-ldap-1.16.4-21.26.amzn1.i686  
    sssd-common-pac-1.16.4-21.26.amzn1.i686  
    libipa_hbac-1.16.4-21.26.amzn1.i686  
    sssd-client-1.16.4-21.26.amzn1.i686  
    sssd-krb5-1.16.4-21.26.amzn1.i686  
  
noarch:  
    python27-sssdconfig-1.16.4-21.26.amzn1.noarch  
  
src:  
    sssd-1.16.4-21.26.amzn1.src  
  
x86_64:  
    python27-libsss_nss_idmap-1.16.4-21.26.amzn1.x86_64  
    libsss_simpleifp-1.16.4-21.26.amzn1.x86_64  
    sssd-libwbclient-devel-1.16.4-21.26.amzn1.x86_64  
    libsss_certmap-1.16.4-21.26.amzn1.x86_64  
    sssd-common-pac-1.16.4-21.26.amzn1.x86_64  
    libsss_simpleifp-devel-1.16.4-21.26.amzn1.x86_64  
    sssd-client-1.16.4-21.26.amzn1.x86_64  
    python27-sss-1.16.4-21.26.amzn1.x86_64  
    sssd-krb5-1.16.4-21.26.amzn1.x86_64  
    sssd-1.16.4-21.26.amzn1.x86_64  
    libsss_idmap-devel-1.16.4-21.26.amzn1.x86_64  
    libipa_hbac-1.16.4-21.26.amzn1.x86_64  
    sssd-libwbclient-1.16.4-21.26.amzn1.x86_64  
    sssd-tools-1.16.4-21.26.amzn1.x86_64  
    sssd-krb5-common-1.16.4-21.26.amzn1.x86_64  
    libsss_autofs-1.16.4-21.26.amzn1.x86_64  
    libsss_idmap-1.16.4-21.26.amzn1.x86_64  
    sssd-winbind-idmap-1.16.4-21.26.amzn1.x86_64  
    libsss_nss_idmap-1.16.4-21.26.amzn1.x86_64  
    libsss_certmap-devel-1.16.4-21.26.amzn1.x86_64  
    sssd-ad-1.16.4-21.26.amzn1.x86_64  
    sssd-ipa-1.16.4-21.26.amzn1.x86_64  
    python27-sss-murmur-1.16.4-21.26.amzn1.x86_64  
    libsss_nss_idmap-devel-1.16.4-21.26.amzn1.x86_64  
    sssd-common-1.16.4-21.26.amzn1.x86_64  
    sssd-debuginfo-1.16.4-21.26.amzn1.x86_64  
    sssd-dbus-1.16.4-21.26.amzn1.x86_64  
    libipa_hbac-devel-1.16.4-21.26.amzn1.x86_64  
    sssd-proxy-1.16.4-21.26.amzn1.x86_64  
    python27-libipa_hbac-1.16.4-21.26.amzn1.x86_64  
    sssd-ldap-1.16.4-21.26.amzn1.x86_64  
    libsss_sudo-1.16.4-21.26.amzn1.x86_64  

Additional References

Red Hat: CVE-2021-3621

Mitre: CVE-2021-3621