OracleLinuxELSA-2021-3336sssd security and bug fix update
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
[1.16.5-10.0.1]
- Revert Redhat’s change of disallowing duplicated incomplete gid
when ‘id_provider=ldap’ is used, which caused regression in AD
environment. [Orabug: 29286774] [Doc ID 2605732.1]
[1.16.5-10.10] - Resolves: rhbz#1973796 - SSSD is NOT able to contact the Global Catalog when local site is down
[1.16.5-10.9] - Resolves: rhbz#1988463 - Missing search index for [rhel-7.9.z]
- Resolves: rhbz#1968330 - id lookup is failing intermittently
- Resolves: rhbz#1964415 - Memory leak in the simple access provider
- Resolves: rhbz#1985457 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-7.9.z]
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C