You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2023-3758: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Correction: as for CVE-2021-3621, Flatcar/Gentoo already has a custom patch, so it is not that urgent as I expected.
However, GLSA 202407-05 started to require 2.5.2-r1, so we could either update to the version or add to the allowlist to make GLSA tests pass.
That CVE is quite old. Gentoo patched 2.5.2 at the time and took Jeremi's patch for 2.3.1. Both patches were dropped after 2.6, which isn't vulnerable.
Of the other two patches, the test_ca one was from Gentoo and no longer needed, and the disable-nsupdate-realm one is tiny.
In short, updating to the latest should not be a problem.
Name: sssd
CVEs:
CVE-2021-3621, CVE-2023-3758CVSSs:
8.8, 7.1Action Needed:
CVE-2021-3621: update to >= 2.5.2-r1,CVE-2023-3758: update to >= 2.9.5Summary:
CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.refmap.gentoo:
CVE-2021-3621: https://bugs.gentoo.org/808911, https://security.gentoo.org/glsa/202407-05The text was updated successfully, but these errors were encountered: