libipa_hbac-devel-2.9.3-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13446 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libipa_hbac-devel-2.9.3-2.1 on GA media These are all security issues fixed in the libipa_hbac-devel-2.9.3-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13446 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13446 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-16838/ SUSE CVE CVE-2018-16838 page https://www.suse.com/security/cve/CVE-2019-3811/ SUSE CVE CVE-2019-3811 page https://www.suse.com/security/cve/CVE-2021-3621/ SUSE CVE CVE-2021-3621 page openSUSE Tumbleweed libipa_hbac-devel-2.9.3-2.1 libipa_hbac0-2.9.3-2.1 libnfsidmap-sss-2.9.3-2.1 libsss_certmap-devel-2.9.3-2.1 libsss_certmap0-2.9.3-2.1 libsss_idmap-devel-2.9.3-2.1 libsss_idmap0-2.9.3-2.1 libsss_nss_idmap-devel-2.9.3-2.1 libsss_nss_idmap0-2.9.3-2.1 python3-ipa_hbac-2.9.3-2.1 python3-sss-murmur-2.9.3-2.1 python3-sss_nss_idmap-2.9.3-2.1 python3-sssd-config-2.9.3-2.1 sssd-2.9.3-2.1 sssd-ad-2.9.3-2.1 sssd-dbus-2.9.3-2.1 sssd-ipa-2.9.3-2.1 sssd-kcm-2.9.3-2.1 sssd-krb5-2.9.3-2.1 sssd-krb5-common-2.9.3-2.1 sssd-ldap-2.9.3-2.1 sssd-proxy-2.9.3-2.1 sssd-tools-2.9.3-2.1 sssd-winbind-idmap-2.9.3-2.1 libipa_hbac-devel-2.9.3-2.1 as a component of openSUSE Tumbleweed libipa_hbac0-2.9.3-2.1 as a component of openSUSE Tumbleweed libnfsidmap-sss-2.9.3-2.1 as a component of openSUSE Tumbleweed libsss_certmap-devel-2.9.3-2.1 as a component of openSUSE Tumbleweed libsss_certmap0-2.9.3-2.1 as a component of openSUSE Tumbleweed libsss_idmap-devel-2.9.3-2.1 as a component of openSUSE Tumbleweed libsss_idmap0-2.9.3-2.1 as a component of openSUSE Tumbleweed libsss_nss_idmap-devel-2.9.3-2.1 as a component of openSUSE Tumbleweed libsss_nss_idmap0-2.9.3-2.1 as a component of openSUSE Tumbleweed python3-ipa_hbac-2.9.3-2.1 as a component of openSUSE Tumbleweed python3-sss-murmur-2.9.3-2.1 as a component of openSUSE Tumbleweed python3-sss_nss_idmap-2.9.3-2.1 as a component of openSUSE Tumbleweed python3-sssd-config-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-ad-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-dbus-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-ipa-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-kcm-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-krb5-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-krb5-common-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-ldap-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-proxy-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-tools-2.9.3-2.1 as a component of openSUSE Tumbleweed sssd-winbind-idmap-2.9.3-2.1 as a component of openSUSE Tumbleweed A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. CVE-2018-16838 openSUSE Tumbleweed:libipa_hbac-devel-2.9.3-2.1 openSUSE Tumbleweed:libipa_hbac0-2.9.3-2.1 openSUSE Tumbleweed:libnfsidmap-sss-2.9.3-2.1 openSUSE Tumbleweed:libsss_certmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_certmap0-2.9.3-2.1 openSUSE Tumbleweed:libsss_idmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_idmap0-2.9.3-2.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_nss_idmap0-2.9.3-2.1 openSUSE Tumbleweed:python3-ipa_hbac-2.9.3-2.1 openSUSE Tumbleweed:python3-sss-murmur-2.9.3-2.1 openSUSE Tumbleweed:python3-sss_nss_idmap-2.9.3-2.1 openSUSE Tumbleweed:python3-sssd-config-2.9.3-2.1 openSUSE Tumbleweed:sssd-2.9.3-2.1 openSUSE Tumbleweed:sssd-ad-2.9.3-2.1 openSUSE Tumbleweed:sssd-dbus-2.9.3-2.1 openSUSE Tumbleweed:sssd-ipa-2.9.3-2.1 openSUSE Tumbleweed:sssd-kcm-2.9.3-2.1 openSUSE Tumbleweed:sssd-krb5-2.9.3-2.1 openSUSE Tumbleweed:sssd-krb5-common-2.9.3-2.1 openSUSE Tumbleweed:sssd-ldap-2.9.3-2.1 openSUSE Tumbleweed:sssd-proxy-2.9.3-2.1 openSUSE Tumbleweed:sssd-tools-2.9.3-2.1 openSUSE Tumbleweed:sssd-winbind-idmap-2.9.3-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16838.html CVE-2018-16838 https://bugzilla.suse.com/1124194 SUSE Bug 1124194 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. CVE-2019-3811 openSUSE Tumbleweed:libipa_hbac-devel-2.9.3-2.1 openSUSE Tumbleweed:libipa_hbac0-2.9.3-2.1 openSUSE Tumbleweed:libnfsidmap-sss-2.9.3-2.1 openSUSE Tumbleweed:libsss_certmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_certmap0-2.9.3-2.1 openSUSE Tumbleweed:libsss_idmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_idmap0-2.9.3-2.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_nss_idmap0-2.9.3-2.1 openSUSE Tumbleweed:python3-ipa_hbac-2.9.3-2.1 openSUSE Tumbleweed:python3-sss-murmur-2.9.3-2.1 openSUSE Tumbleweed:python3-sss_nss_idmap-2.9.3-2.1 openSUSE Tumbleweed:python3-sssd-config-2.9.3-2.1 openSUSE Tumbleweed:sssd-2.9.3-2.1 openSUSE Tumbleweed:sssd-ad-2.9.3-2.1 openSUSE Tumbleweed:sssd-dbus-2.9.3-2.1 openSUSE Tumbleweed:sssd-ipa-2.9.3-2.1 openSUSE Tumbleweed:sssd-kcm-2.9.3-2.1 openSUSE Tumbleweed:sssd-krb5-2.9.3-2.1 openSUSE Tumbleweed:sssd-krb5-common-2.9.3-2.1 openSUSE Tumbleweed:sssd-ldap-2.9.3-2.1 openSUSE Tumbleweed:sssd-proxy-2.9.3-2.1 openSUSE Tumbleweed:sssd-tools-2.9.3-2.1 openSUSE Tumbleweed:sssd-winbind-idmap-2.9.3-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-3811.html CVE-2019-3811 https://bugzilla.suse.com/1121759 SUSE Bug 1121759 A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2021-3621 openSUSE Tumbleweed:libipa_hbac-devel-2.9.3-2.1 openSUSE Tumbleweed:libipa_hbac0-2.9.3-2.1 openSUSE Tumbleweed:libnfsidmap-sss-2.9.3-2.1 openSUSE Tumbleweed:libsss_certmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_certmap0-2.9.3-2.1 openSUSE Tumbleweed:libsss_idmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_idmap0-2.9.3-2.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-2.9.3-2.1 openSUSE Tumbleweed:libsss_nss_idmap0-2.9.3-2.1 openSUSE Tumbleweed:python3-ipa_hbac-2.9.3-2.1 openSUSE Tumbleweed:python3-sss-murmur-2.9.3-2.1 openSUSE Tumbleweed:python3-sss_nss_idmap-2.9.3-2.1 openSUSE Tumbleweed:python3-sssd-config-2.9.3-2.1 openSUSE Tumbleweed:sssd-2.9.3-2.1 openSUSE Tumbleweed:sssd-ad-2.9.3-2.1 openSUSE Tumbleweed:sssd-dbus-2.9.3-2.1 openSUSE Tumbleweed:sssd-ipa-2.9.3-2.1 openSUSE Tumbleweed:sssd-kcm-2.9.3-2.1 openSUSE Tumbleweed:sssd-krb5-2.9.3-2.1 openSUSE Tumbleweed:sssd-krb5-common-2.9.3-2.1 openSUSE Tumbleweed:sssd-ldap-2.9.3-2.1 openSUSE Tumbleweed:sssd-proxy-2.9.3-2.1 openSUSE Tumbleweed:sssd-tools-2.9.3-2.1 openSUSE Tumbleweed:sssd-winbind-idmap-2.9.3-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3621.html CVE-2021-3621 https://bugzilla.suse.com/1189492 SUSE Bug 1189492