sssd security and bug fix update

2024-05-1014:32:36

Rockylinux Product Errata

errata.rockylinux.org

sssd

security

bug fix

update

rocky linux 9

cvss

nss

pam

cve

race condition

gpo policies

socket leak

passkey

jira

authentication

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.1%

JSON

An update is available for sssd.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

Security Fix(es):

sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758)

Bug Fix(es):

socket leak (JIRA:Rocky Linux-22340)
Passkey cannot fall back to password (JIRA:Rocky Linux-28161)
sssd: Race condition during authorization leads to GPO policies functioning inconsistently (JIRA:Rocky Linux-27209)

OSVersionArchitecturePackageVersionFilename
rocky9aarch64libipa_hbac< 2.9.4-6.el9_4libipa_hbac-0:2.9.4-6.el9_4.aarch64.rpm
rocky9i686libipa_hbac< 2.9.4-6.el9_4libipa_hbac-0:2.9.4-6.el9_4.i686.rpm
rocky9ppc64lelibipa_hbac< 2.9.4-6.el9_4libipa_hbac-0:2.9.4-6.el9_4.ppc64le.rpm
rocky9s390xlibipa_hbac< 2.9.4-6.el9_4libipa_hbac-0:2.9.4-6.el9_4.s390x.rpm
rocky9x86_64libipa_hbac< 2.9.4-6.el9_4libipa_hbac-0:2.9.4-6.el9_4.x86_64.rpm
rocky9aarch64libipa_hbac-debuginfo< 2.9.4-6.el9_4libipa_hbac-debuginfo-0:2.9.4-6.el9_4.aarch64.rpm
rocky9ppc64lelibipa_hbac-debuginfo< 2.9.4-6.el9_4libipa_hbac-debuginfo-0:2.9.4-6.el9_4.ppc64le.rpm
rocky9s390xlibipa_hbac-debuginfo< 2.9.4-6.el9_4libipa_hbac-debuginfo-0:2.9.4-6.el9_4.s390x.rpm
rocky9x86_64libipa_hbac-debuginfo< 2.9.4-6.el9_4libipa_hbac-debuginfo-0:2.9.4-6.el9_4.x86_64.rpm
rocky9aarch64libsss_autofs< 2.9.4-6.el9_4libsss_autofs-0:2.9.4-6.el9_4.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	9	aarch64	libipa_hbac	< 2.9.4-6.el9_4	libipa_hbac-0:2.9.4-6.el9_4.aarch64.rpm
rocky	9	i686	libipa_hbac	< 2.9.4-6.el9_4	libipa_hbac-0:2.9.4-6.el9_4.i686.rpm
rocky	9	ppc64le	libipa_hbac	< 2.9.4-6.el9_4	libipa_hbac-0:2.9.4-6.el9_4.ppc64le.rpm
rocky	9	s390x	libipa_hbac	< 2.9.4-6.el9_4	libipa_hbac-0:2.9.4-6.el9_4.s390x.rpm
rocky	9	x86_64	libipa_hbac	< 2.9.4-6.el9_4	libipa_hbac-0:2.9.4-6.el9_4.x86_64.rpm
rocky	9	aarch64	libipa_hbac-debuginfo	< 2.9.4-6.el9_4	libipa_hbac-debuginfo-0:2.9.4-6.el9_4.aarch64.rpm
rocky	9	ppc64le	libipa_hbac-debuginfo	< 2.9.4-6.el9_4	libipa_hbac-debuginfo-0:2.9.4-6.el9_4.ppc64le.rpm
rocky	9	s390x	libipa_hbac-debuginfo	< 2.9.4-6.el9_4	libipa_hbac-debuginfo-0:2.9.4-6.el9_4.s390x.rpm
rocky	9	x86_64	libipa_hbac-debuginfo	< 2.9.4-6.el9_4	libipa_hbac-debuginfo-0:2.9.4-6.el9_4.x86_64.rpm
rocky	9	aarch64	libsss_autofs	< 2.9.4-6.el9_4	libsss_autofs-0:2.9.4-6.el9_4.aarch64.rpm