Security update for sssd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1941-1 Final 1 1 2024-06-07T14:33:39Z current 2024-06-07T14:33:39Z 2024-06-07T14:33:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for sssd This update for sssd fixes the following issues: - CVE-2023-3758: Fixed race condition during authorization leads to GPO policies functioning inconsistently (bsc#1223100). The following non-security bugs were fixed: - Use the name from the cached entries when updating them to avoid capitalization problems (bsc#1223050). - Extend sssctl command line tool to manage the cached GPOs; (jsc#PED-7677). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/manager/5.0/x86_64/server:latest-2024-1941,SUSE-2024-1941,SUSE-SLE-Module-Basesystem-15-SP6-2024-1941,openSUSE-SLE-15.6-2024-1941 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241941-1/ Link for SUSE-SU-2024:1941-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035531.html E-Mail link for SUSE-SU-2024:1941-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1223050 SUSE Bug 1223050 https://bugzilla.suse.com/1223100 SUSE Bug 1223100 https://www.suse.com/security/cve/CVE-2023-3758/ SUSE CVE CVE-2023-3758 page Container suse/manager/5.0/x86_64/server:latest SUSE Linux Enterprise Module for Basesystem 15 SP6 openSUSE Leap 15.6 libipa_hbac0-2.9.3-150600.3.3.1 libsss_certmap0-2.9.3-150600.3.3.1 libsss_idmap0-2.9.3-150600.3.3.1 libsss_nss_idmap0-2.9.3-150600.3.3.1 python3-sssd-config-2.9.3-150600.3.3.1 sssd-2.9.3-150600.3.3.1 sssd-ad-2.9.3-150600.3.3.1 sssd-dbus-2.9.3-150600.3.3.1 sssd-ipa-2.9.3-150600.3.3.1 sssd-krb5-2.9.3-150600.3.3.1 sssd-krb5-common-2.9.3-150600.3.3.1 sssd-ldap-2.9.3-150600.3.3.1 sssd-tools-2.9.3-150600.3.3.1 libipa_hbac-devel-2.9.3-150600.3.3.1 libnfsidmap-sss-2.9.3-150600.3.3.1 libsss_certmap-devel-2.9.3-150600.3.3.1 libsss_idmap-devel-2.9.3-150600.3.3.1 libsss_nss_idmap-devel-2.9.3-150600.3.3.1 libsss_simpleifp-devel-2.9.3-150600.3.3.1 libsss_simpleifp0-2.9.3-150600.3.3.1 python3-ipa_hbac-2.9.3-150600.3.3.1 python3-sss-murmur-2.9.3-150600.3.3.1 python3-sss_nss_idmap-2.9.3-150600.3.3.1 sssd-32bit-2.9.3-150600.3.3.1 sssd-64bit-2.9.3-150600.3.3.1 sssd-kcm-2.9.3-150600.3.3.1 sssd-proxy-2.9.3-150600.3.3.1 sssd-winbind-idmap-2.9.3-150600.3.3.1 libipa_hbac0-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest libsss_certmap0-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest libsss_idmap0-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest libsss_nss_idmap0-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest python3-sssd-config-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-ad-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-dbus-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-ipa-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-krb5-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-krb5-common-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-ldap-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest sssd-tools-2.9.3-150600.3.3.1 as a component of Container suse/manager/5.0/x86_64/server:latest libipa_hbac-devel-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libipa_hbac0-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_certmap-devel-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_certmap0-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_idmap-devel-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_idmap0-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_nss_idmap-devel-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_nss_idmap0-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_simpleifp-devel-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsss_simpleifp0-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 python3-sssd-config-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-32bit-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-ad-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-dbus-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-ipa-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-kcm-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-krb5-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-krb5-common-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-ldap-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-proxy-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-tools-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 sssd-winbind-idmap-2.9.3-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libipa_hbac-devel-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libipa_hbac0-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libnfsidmap-sss-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_certmap-devel-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_certmap0-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_idmap-devel-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_idmap0-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_nss_idmap-devel-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_nss_idmap0-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_simpleifp-devel-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 libsss_simpleifp0-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 python3-ipa_hbac-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 python3-sss-murmur-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 python3-sss_nss_idmap-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 python3-sssd-config-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-ad-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-dbus-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-ipa-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-kcm-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-krb5-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-krb5-common-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-ldap-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-proxy-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-tools-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 sssd-winbind-idmap-2.9.3-150600.3.3.1 as a component of openSUSE Leap 15.6 A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758 Container suse/manager/5.0/x86_64/server:latest:libipa_hbac0-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:libsss_certmap0-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:libsss_idmap0-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:libsss_nss_idmap0-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:python3-sssd-config-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-ad-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-dbus-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-ipa-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-krb5-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-krb5-common-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-ldap-2.9.3-150600.3.3.1 Container suse/manager/5.0/x86_64/server:latest:sssd-tools-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libipa_hbac-devel-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libipa_hbac0-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_certmap-devel-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_certmap0-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_idmap-devel-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_idmap0-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_nss_idmap-devel-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_nss_idmap0-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_simpleifp-devel-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsss_simpleifp0-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-sssd-config-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-32bit-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-ad-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-dbus-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-ipa-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-kcm-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-krb5-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-krb5-common-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-ldap-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-proxy-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-tools-2.9.3-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:sssd-winbind-idmap-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libipa_hbac-devel-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libipa_hbac0-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libnfsidmap-sss-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_certmap-devel-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_certmap0-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_idmap-devel-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_idmap0-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_nss_idmap-devel-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_nss_idmap0-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_simpleifp-devel-2.9.3-150600.3.3.1 openSUSE Leap 15.6:libsss_simpleifp0-2.9.3-150600.3.3.1 openSUSE Leap 15.6:python3-ipa_hbac-2.9.3-150600.3.3.1 openSUSE Leap 15.6:python3-sss-murmur-2.9.3-150600.3.3.1 openSUSE Leap 15.6:python3-sss_nss_idmap-2.9.3-150600.3.3.1 openSUSE Leap 15.6:python3-sssd-config-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-ad-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-dbus-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-ipa-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-kcm-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-krb5-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-krb5-common-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-ldap-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-proxy-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-tools-2.9.3-150600.3.3.1 openSUSE Leap 15.6:sssd-winbind-idmap-2.9.3-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241941-1/ https://www.suse.com/security/cve/CVE-2023-3758.html CVE-2023-3758 https://bugzilla.suse.com/1223100 SUSE Bug 1223100