OESA-2026-2171

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2171

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-2171.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-2171

Upstream

CVE-2026-6245

Published

2026-05-03T09:57:00Z

Modified

2026-05-03T10:19:23.535669Z

Summary

sssd security update

Details

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

Security Fix(es):

A flaw was found in the System Security Services Daemon (SSSD). The pampasskeychildreaddata() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).(CVE-2026-6245)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:24.03-LTS-SP3 / sssd

Package

Name: sssd
Purl: pkg:rpm/openEuler/sssd&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.4-18.oe2403sp3

Ecosystem specific

{
    "x86_64": [
        "libipa_hbac-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libipa_hbac-devel-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_autofs-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_certmap-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_certmap-devel-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_idmap-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_idmap-devel-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_nss_idmap-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_nss_idmap-devel-2.9.4-18.oe2403sp3.x86_64.rpm",
        "libsss_sudo-2.9.4-18.oe2403sp3.x86_64.rpm",
        "python3-libipa_hbac-2.9.4-18.oe2403sp3.x86_64.rpm",
        "python3-libsss_nss_idmap-2.9.4-18.oe2403sp3.x86_64.rpm",
        "python3-sss-2.9.4-18.oe2403sp3.x86_64.rpm",
        "python3-sss-murmur-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-ad-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-client-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-common-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-common-pac-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-dbus-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-debuginfo-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-debugsource-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-idp-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-ipa-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-kcm-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-krb5-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-krb5-common-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-ldap-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-nfs-idmap-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-proxy-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-tools-2.9.4-18.oe2403sp3.x86_64.rpm",
        "sssd-winbind-idmap-2.9.4-18.oe2403sp3.x86_64.rpm"
    ],
    "src": [
        "sssd-2.9.4-18.oe2403sp3.src.rpm"
    ],
    "noarch": [
        "python3-sssdconfig-2.9.4-18.oe2403sp3.noarch.rpm",
        "sssd-help-2.9.4-18.oe2403sp3.noarch.rpm"
    ],
    "aarch64": [
        "libipa_hbac-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libipa_hbac-devel-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_autofs-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_certmap-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_certmap-devel-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_idmap-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_idmap-devel-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_nss_idmap-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_nss_idmap-devel-2.9.4-18.oe2403sp3.aarch64.rpm",
        "libsss_sudo-2.9.4-18.oe2403sp3.aarch64.rpm",
        "python3-libipa_hbac-2.9.4-18.oe2403sp3.aarch64.rpm",
        "python3-libsss_nss_idmap-2.9.4-18.oe2403sp3.aarch64.rpm",
        "python3-sss-2.9.4-18.oe2403sp3.aarch64.rpm",
        "python3-sss-murmur-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-ad-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-client-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-common-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-common-pac-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-dbus-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-debuginfo-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-debugsource-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-idp-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-ipa-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-kcm-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-krb5-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-krb5-common-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-ldap-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-nfs-idmap-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-proxy-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-tools-2.9.4-18.oe2403sp3.aarch64.rpm",
        "sssd-winbind-idmap-2.9.4-18.oe2403sp3.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-2171.json"