Security update for sssd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1577-1 Final 1 1 2024-05-09T13:46:18Z current 2024-05-09T13:46:18Z 2024-05-09T13:46:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sssd This update for sssd fixes the following issues: Security fixes: - CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100) Other fixes: - Extend sssctl command line tool to manage the cached GPOs (jsc#PED-7677) - SSSD GPO host entries are ignored if computer cn does not match it's samaccountname (jsc#SLE-9298) (bsc#1160688) - SSSD should accept host entries from GPO's security filter (jsc#SLE-9298) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1577,SUSE-SLE-SDK-12-SP5-2024-1577,SUSE-SLE-SERVER-12-SP5-2024-1577 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241577-1/ Link for SUSE-SU-2024:1577-1 https://lists.suse.com/pipermail/sle-security-updates/2024-August/019272.html E-Mail link for SUSE-SU-2024:1577-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1160688 SUSE Bug 1160688 https://bugzilla.suse.com/1223100 SUSE Bug 1223100 https://www.suse.com/security/cve/CVE-2023-3758/ SUSE CVE CVE-2023-3758 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 libipa_hbac-devel-1.16.1-7.61.1 libipa_hbac0-1.16.1-7.61.1 libnfsidmap-sss-1.16.1-7.61.1 libsss_certmap-devel-1.16.1-7.61.1 libsss_certmap0-1.16.1-7.61.1 libsss_idmap-devel-1.16.1-7.61.1 libsss_idmap0-1.16.1-7.61.1 libsss_nss_idmap-devel-1.16.1-7.61.1 libsss_nss_idmap0-1.16.1-7.61.1 libsss_simpleifp-devel-1.16.1-7.61.1 libsss_simpleifp0-1.16.1-7.61.1 python-ipa_hbac-1.16.1-7.61.1 python-sss-murmur-1.16.1-7.61.1 python-sss_nss_idmap-1.16.1-7.61.1 python-sssd-config-1.16.1-7.61.1 sssd-1.16.1-7.61.1 sssd-ad-1.16.1-7.61.1 sssd-common-1.16.1-7.61.1 sssd-common-32bit-1.16.1-7.61.1 sssd-common-64bit-1.16.1-7.61.1 sssd-dbus-1.16.1-7.61.1 sssd-ipa-1.16.1-7.61.1 sssd-krb5-1.16.1-7.61.1 sssd-krb5-common-1.16.1-7.61.1 sssd-ldap-1.16.1-7.61.1 sssd-proxy-1.16.1-7.61.1 sssd-tools-1.16.1-7.61.1 libipa_hbac0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsss_certmap0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsss_idmap0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsss_nss_idmap-devel-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsss_nss_idmap0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsss_simpleifp0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 python-sssd-config-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-ad-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-common-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-common-32bit-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-dbus-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-ipa-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-krb5-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-krb5-common-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-ldap-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-proxy-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 sssd-tools-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server 12 SP5 libipa_hbac0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsss_certmap0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsss_idmap0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsss_nss_idmap-devel-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsss_nss_idmap0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsss_simpleifp0-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 python-sssd-config-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-ad-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-common-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-common-32bit-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-dbus-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-ipa-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-krb5-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-krb5-common-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-ldap-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-proxy-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 sssd-tools-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libipa_hbac-devel-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libsss_idmap-devel-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libsss_nss_idmap-devel-1.16.1-7.61.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758 SUSE Linux Enterprise Server 12 SP5:libipa_hbac0-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:libsss_certmap0-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:libsss_idmap0-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:libsss_nss_idmap-devel-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:libsss_nss_idmap0-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:libsss_simpleifp0-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:python-sssd-config-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-ad-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-common-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-common-32bit-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-dbus-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-ipa-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-krb5-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-krb5-common-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-ldap-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-proxy-1.16.1-7.61.1 SUSE Linux Enterprise Server 12 SP5:sssd-tools-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libipa_hbac0-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsss_certmap0-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsss_idmap0-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsss_nss_idmap-devel-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsss_nss_idmap0-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsss_simpleifp0-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-sssd-config-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-ad-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-common-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-common-32bit-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-dbus-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-ipa-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-krb5-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-krb5-common-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-ldap-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-proxy-1.16.1-7.61.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:sssd-tools-1.16.1-7.61.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libipa_hbac-devel-1.16.1-7.61.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libsss_idmap-devel-1.16.1-7.61.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libsss_nss_idmap-devel-1.16.1-7.61.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241577-1/ https://www.suse.com/security/cve/CVE-2023-3758.html CVE-2023-3758 https://bugzilla.suse.com/1223100 SUSE Bug 1223100