RLSA-2024:2571

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2024:2571

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2024:2571.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2024:2571

Related

CVE-2023-3758

Published

2024-05-10T14:32:36.204878Z

Modified

2024-05-10T14:34:19.483615Z

Summary

Moderate: sssd security and bug fix update

Details

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

Security Fix(es):

sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758)

Bug Fix(es):

socket leak (JIRA:Rocky Linux-22340)
Passkey cannot fall back to password (JIRA:Rocky Linux-28161)
sssd: Race condition during authorization leads to GPO policies functioning inconsistently (JIRA:Rocky Linux-27209)

References

https://errata.rockylinux.org/RLSA-2024:2571

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:9 / sssd

Package

Name: sssd
Purl: pkg:rpm/rocky-linux/sssd?distro=rocky-linux-9&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.9.4-6.el9_4