Security update for sssd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1579-1 Final 1 1 2024-05-09T13:48:41Z current 2024-05-09T13:48:41Z 2024-05-09T13:48:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sssd This update for sssd fixes the following issues: - CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1579,SUSE-SLE-Micro-5.5-2024-1579,SUSE-SLE-Module-Basesystem-15-SP5-2024-1579,openSUSE-SLE-15.5-2024-1579 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241579-1/ Link for SUSE-SU-2024:1579-1 https://lists.suse.com/pipermail/sle-updates/2024-May/035216.html E-Mail link for SUSE-SU-2024:1579-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1223100 SUSE Bug 1223100 https://www.suse.com/security/cve/CVE-2023-3758/ SUSE CVE CVE-2023-3758 page SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP5 openSUSE Leap 15.5 libipa_hbac-devel-2.5.2-150500.10.17.1 libipa_hbac0-2.5.2-150500.10.17.1 libnfsidmap-sss-2.5.2-150500.10.17.1 libsss_certmap-devel-2.5.2-150500.10.17.1 libsss_certmap0-2.5.2-150500.10.17.1 libsss_idmap-devel-2.5.2-150500.10.17.1 libsss_idmap0-2.5.2-150500.10.17.1 libsss_nss_idmap-devel-2.5.2-150500.10.17.1 libsss_nss_idmap0-2.5.2-150500.10.17.1 libsss_simpleifp-devel-2.5.2-150500.10.17.1 libsss_simpleifp0-2.5.2-150500.10.17.1 python3-ipa_hbac-2.5.2-150500.10.17.1 python3-sss-murmur-2.5.2-150500.10.17.1 python3-sss_nss_idmap-2.5.2-150500.10.17.1 python3-sssd-config-2.5.2-150500.10.17.1 sssd-2.5.2-150500.10.17.1 sssd-ad-2.5.2-150500.10.17.1 sssd-common-2.5.2-150500.10.17.1 sssd-common-32bit-2.5.2-150500.10.17.1 sssd-common-64bit-2.5.2-150500.10.17.1 sssd-dbus-2.5.2-150500.10.17.1 sssd-ipa-2.5.2-150500.10.17.1 sssd-kcm-2.5.2-150500.10.17.1 sssd-krb5-2.5.2-150500.10.17.1 sssd-krb5-common-2.5.2-150500.10.17.1 sssd-ldap-2.5.2-150500.10.17.1 sssd-proxy-2.5.2-150500.10.17.1 sssd-tools-2.5.2-150500.10.17.1 sssd-winbind-idmap-2.5.2-150500.10.17.1 libsss_certmap0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Micro 5.5 libsss_idmap0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Micro 5.5 libsss_nss_idmap0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Micro 5.5 sssd-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Micro 5.5 sssd-common-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Micro 5.5 sssd-krb5-common-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Micro 5.5 sssd-ldap-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Micro 5.5 libipa_hbac-devel-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libipa_hbac0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_certmap-devel-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_certmap0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_idmap-devel-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_idmap0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_nss_idmap-devel-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_nss_idmap0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_simpleifp-devel-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsss_simpleifp0-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 python3-sssd-config-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-ad-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-common-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-common-32bit-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-dbus-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-ipa-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-kcm-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-krb5-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-krb5-common-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-ldap-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-proxy-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-tools-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 sssd-winbind-idmap-2.5.2-150500.10.17.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libipa_hbac-devel-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libipa_hbac0-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libnfsidmap-sss-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_certmap-devel-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_certmap0-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_idmap-devel-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_idmap0-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_nss_idmap-devel-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_nss_idmap0-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_simpleifp-devel-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 libsss_simpleifp0-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 python3-ipa_hbac-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 python3-sss-murmur-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 python3-sss_nss_idmap-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 python3-sssd-config-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-ad-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-common-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-common-32bit-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-dbus-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-ipa-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-kcm-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-krb5-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-krb5-common-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-ldap-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-proxy-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-tools-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 sssd-winbind-idmap-2.5.2-150500.10.17.1 as a component of openSUSE Leap 15.5 A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758 SUSE Linux Enterprise Micro 5.5:libsss_certmap0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Micro 5.5:libsss_idmap0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Micro 5.5:libsss_nss_idmap0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Micro 5.5:sssd-2.5.2-150500.10.17.1 SUSE Linux Enterprise Micro 5.5:sssd-common-2.5.2-150500.10.17.1 SUSE Linux Enterprise Micro 5.5:sssd-krb5-common-2.5.2-150500.10.17.1 SUSE Linux Enterprise Micro 5.5:sssd-ldap-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libipa_hbac-devel-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libipa_hbac0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_certmap-devel-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_certmap0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_idmap-devel-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_idmap0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_nss_idmap-devel-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_nss_idmap0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_simpleifp-devel-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsss_simpleifp0-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-sssd-config-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-ad-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-common-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-common-32bit-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-dbus-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-ipa-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-kcm-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-krb5-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-krb5-common-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-ldap-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-proxy-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-tools-2.5.2-150500.10.17.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:sssd-winbind-idmap-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libipa_hbac-devel-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libipa_hbac0-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libnfsidmap-sss-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_certmap-devel-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_certmap0-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_idmap-devel-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_idmap0-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_nss_idmap-devel-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_nss_idmap0-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_simpleifp-devel-2.5.2-150500.10.17.1 openSUSE Leap 15.5:libsss_simpleifp0-2.5.2-150500.10.17.1 openSUSE Leap 15.5:python3-ipa_hbac-2.5.2-150500.10.17.1 openSUSE Leap 15.5:python3-sss-murmur-2.5.2-150500.10.17.1 openSUSE Leap 15.5:python3-sss_nss_idmap-2.5.2-150500.10.17.1 openSUSE Leap 15.5:python3-sssd-config-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-ad-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-common-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-common-32bit-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-dbus-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-ipa-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-kcm-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-krb5-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-krb5-common-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-ldap-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-proxy-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-tools-2.5.2-150500.10.17.1 openSUSE Leap 15.5:sssd-winbind-idmap-2.5.2-150500.10.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241579-1/ https://www.suse.com/security/cve/CVE-2023-3758.html CVE-2023-3758 https://bugzilla.suse.com/1223100 SUSE Bug 1223100