Security update for sssd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1563-1 Final 1 1 2024-05-09T09:01:09Z current 2024-05-09T09:01:09Z 2024-05-09T09:01:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sssd This update for sssd fixes the following issues: - CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1563,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1563,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1563,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1563 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241563-1/ Link for SUSE-SU-2024:1563-1 https://lists.suse.com/pipermail/sle-updates/2024-May/035214.html E-Mail link for SUSE-SU-2024:1563-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1223100 SUSE Bug 1223100 https://www.suse.com/security/cve/CVE-2023-3758/ SUSE CVE CVE-2023-3758 page SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 libipa_hbac-devel-1.16.1-150200.17.32.1 libipa_hbac0-1.16.1-150200.17.32.1 libnfsidmap-sss-1.16.1-150200.17.32.1 libsss_certmap-devel-1.16.1-150200.17.32.1 libsss_certmap0-1.16.1-150200.17.32.1 libsss_idmap-devel-1.16.1-150200.17.32.1 libsss_idmap0-1.16.1-150200.17.32.1 libsss_nss_idmap-devel-1.16.1-150200.17.32.1 libsss_nss_idmap0-1.16.1-150200.17.32.1 libsss_simpleifp-devel-1.16.1-150200.17.32.1 libsss_simpleifp0-1.16.1-150200.17.32.1 python3-ipa_hbac-1.16.1-150200.17.32.1 python3-sss-murmur-1.16.1-150200.17.32.1 python3-sss_nss_idmap-1.16.1-150200.17.32.1 python3-sssd-config-1.16.1-150200.17.32.1 sssd-1.16.1-150200.17.32.1 sssd-ad-1.16.1-150200.17.32.1 sssd-common-1.16.1-150200.17.32.1 sssd-common-32bit-1.16.1-150200.17.32.1 sssd-common-64bit-1.16.1-150200.17.32.1 sssd-dbus-1.16.1-150200.17.32.1 sssd-ipa-1.16.1-150200.17.32.1 sssd-krb5-1.16.1-150200.17.32.1 sssd-krb5-common-1.16.1-150200.17.32.1 sssd-ldap-1.16.1-150200.17.32.1 sssd-proxy-1.16.1-150200.17.32.1 sssd-tools-1.16.1-150200.17.32.1 sssd-wbclient-1.16.1-150200.17.32.1 sssd-wbclient-devel-1.16.1-150200.17.32.1 sssd-winbind-idmap-1.16.1-150200.17.32.1 libipa_hbac-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libipa_hbac0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_certmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_certmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_idmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_idmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_nss_idmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_nss_idmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_simpleifp-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libsss_simpleifp0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-sssd-config-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-ad-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-common-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-common-32bit-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-dbus-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-ipa-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-krb5-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-krb5-common-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-ldap-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-proxy-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-tools-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS sssd-winbind-idmap-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libipa_hbac-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libipa_hbac0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_certmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_certmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_idmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_idmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_nss_idmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_nss_idmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_simpleifp-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libsss_simpleifp0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-sssd-config-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-ad-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-common-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-common-32bit-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-dbus-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-ipa-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-krb5-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-krb5-common-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-ldap-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-proxy-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-tools-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS sssd-winbind-idmap-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libipa_hbac-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libipa_hbac0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_certmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_certmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_idmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_idmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_nss_idmap-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_nss_idmap0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_simpleifp-devel-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libsss_simpleifp0-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-sssd-config-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-ad-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-common-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-common-32bit-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-dbus-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-ipa-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-krb5-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-krb5-common-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-ldap-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-proxy-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-tools-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 sssd-winbind-idmap-1.16.1-150200.17.32.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libipa_hbac-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libipa_hbac0-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_certmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_certmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_idmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_idmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_nss_idmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_nss_idmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_simpleifp-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libsss_simpleifp0-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-sssd-config-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-ad-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-common-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-common-32bit-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-dbus-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-ipa-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-krb5-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-krb5-common-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-ldap-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-proxy-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-tools-1.16.1-150200.17.32.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:sssd-winbind-idmap-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libipa_hbac-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libipa_hbac0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_certmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_certmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_idmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_idmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_nss_idmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_nss_idmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_simpleifp-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:libsss_simpleifp0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-sssd-config-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-ad-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-common-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-common-32bit-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-dbus-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-ipa-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-krb5-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-krb5-common-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-ldap-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-proxy-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-tools-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server 15 SP2-LTSS:sssd-winbind-idmap-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libipa_hbac-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libipa_hbac0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_certmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_certmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_idmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_idmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_nss_idmap-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_nss_idmap0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_simpleifp-devel-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libsss_simpleifp0-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-sssd-config-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-ad-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-common-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-common-32bit-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-dbus-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-ipa-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-krb5-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-krb5-common-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-ldap-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-proxy-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-tools-1.16.1-150200.17.32.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:sssd-winbind-idmap-1.16.1-150200.17.32.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241563-1/ https://www.suse.com/security/cve/CVE-2023-3758.html CVE-2023-3758 https://bugzilla.suse.com/1223100 SUSE Bug 1223100