Important: Red Hat Security Advisory: sssd security update

An update for sssd is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

sssd: Fix of CVE-2023-3758

CVE-2023-3758: fix race condition in adgpo...

DLA-4047-1 sssd - security update

Bulletin has no description...

RHSA-2021:3336 Red Hat Security Advisory: sssd security and bug fix update

Bulletin has no description...

SSSD: Command Injection

Background SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. Description A...

SUSE-SU-2023:0300-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libssscertmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. bsc1207474...

CVE-2022-4254

sssd: libssscertmap fails to sanitise certificate data used in LDAP filters...

SUSE-SU-2023:0204-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libssscertmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. bsc1207474...

Important: Red Hat Security Advisory: sssd security and bug fix update

An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

SUSE-SU-2022:2763-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand bsc1189492. - Add 'ldapignoreunreadablereferences' parameter to skip unreadable objects referenced by 'member' attributte bsc1190775 - Fix 32-bi...

SUSE-SU-2021:2941-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492. - Add LDAPS support for the AD provider bsc1183735. - Improve logs to record the reason why internal watchdog terminates a process...

Security update for sssd (important)

openSUSE Security Update: Security update for sssd Announcement ID: openSUSE-SU-2021:2941-1 Rating: important References: 1183735 1187120 1189492 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 SUSE: 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3...

SUSE: Security Advisory (SUSE-SU-2019:0556-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: sssd

Issue Overview: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.CVE-2018-16838 A vulnerability was found in sss...

SUSE-SU-2019:1477-1 Security update for sssd

This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194. Non-security issue fixed: - Create directory to download and cache GPOs bsc1132879...

Security update for sssd (moderate)

openSUSE Security Update: Security update for sssd Announcement ID: openSUSE-SU-2019:0344-1 Rating: moderate References: 1004220 1087320 1120852 1121759 1125277 Cross-References: CVE-2019-3811 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has four fixes is now...

SUSE-SU-2019:0552-1 Security update for sssd

This update for sssd fixes the following issues: Security vulnerability fixed: - CVE-2019-3811: Fix fallbackhomedir returning '/' for empty home directories bsc1121759 Other bug fixes and changes: - Skip sdapsavegrpmem if ignoregroupmembers is set. bsc1082568 - Only search for primary group if it...

[SECURITY] [DLA 1635-1] sssd security update

Package : sssd Version : 1.11.7-3+deb8u2 CVE ID : CVE-2019-3811 Debian Bug : 919051 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return / the root directory instead of the empty string / no home directory. This could impact services that...

openSUSE Security Update : sssd (openSUSE-2019-51)

This update for sssd provides the following fixes : This security issue was fixed : - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377 These non-security issues were fixed : - Fix a segmentation fault in...

SUSE-SU-2019:0081-1 Security update for sssd

This update for sssd provides the following fixes: This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377 These non-security issues were fixed: - Fix a segmentation fault in ssscac...