[USN-6836-1] SSSD vulnerability
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jun 17 14:22:37 UTC 2024
==========================================================================
Ubuntu Security Notice USN-6836-1
June 17, 2024
sssd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
SSSD did not always correctly apply the GPO policy.
Software Description:
- sssd: System Security Services Daemon
Details:
It was discovered that SSSD did not always correctly apply the GPO policy
for authenticated users, contrary to expectations. This could result in
improper authorization or improper access to resources.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
sssd 2.9.4-1.1ubuntu6.1
Ubuntu 23.10
sssd 2.9.1-2ubuntu2.1
Ubuntu 22.04 LTS
sssd 2.6.3-1ubuntu3.3
Ubuntu 20.04 LTS
sssd 2.2.3-3ubuntu0.13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6836-1
CVE-2023-3758
Package Information:
https://launchpad.net/ubuntu/+source/sssd/2.9.4-1.1ubuntu6.1
https://launchpad.net/ubuntu/+source/sssd/2.9.1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/sssd/2.6.3-1ubuntu3.3
https://launchpad.net/ubuntu/+source/sssd/2.2.3-3ubuntu0.13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240617/23bf203f/attachment.sig>
More information about the ubuntu-security-announce
mailing list