It was discovered that SSSD incorrrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.
{ "availability": "No subscription needed", "binaries": [ { "sssd-ldap": "2.2.3-3ubuntu0.11", "libsss-idmap-dev": "2.2.3-3ubuntu0.11", "python3-sss": "2.2.3-3ubuntu0.11", "sssd-ipa": "2.2.3-3ubuntu0.11", "libpam-sss": "2.2.3-3ubuntu0.11", "libipa-hbac-dev": "2.2.3-3ubuntu0.11", "libsss-idmap0": "2.2.3-3ubuntu0.11", "sssd-ad": "2.2.3-3ubuntu0.11", "libwbclient-sssd": "2.2.3-3ubuntu0.11", "sssd": "2.2.3-3ubuntu0.11", "sssd-krb5-common": "2.2.3-3ubuntu0.11", "libnss-sss": "2.2.3-3ubuntu0.11", "libsss-nss-idmap-dev": "2.2.3-3ubuntu0.11", "sssd-proxy": "2.2.3-3ubuntu0.11", "python3-libsss-nss-idmap": "2.2.3-3ubuntu0.11", "sssd-krb5": "2.2.3-3ubuntu0.11", "libsss-certmap0": "2.2.3-3ubuntu0.11", "libwbclient-sssd-dev": "2.2.3-3ubuntu0.11", "libsss-nss-idmap0": "2.2.3-3ubuntu0.11", "libsss-simpleifp-dev": "2.2.3-3ubuntu0.11", "libsss-certmap-dev": "2.2.3-3ubuntu0.11", "sssd-dbus": "2.2.3-3ubuntu0.11", "python3-libipa-hbac": "2.2.3-3ubuntu0.11", "sssd-ad-common": "2.2.3-3ubuntu0.11", "libsss-sudo": "2.2.3-3ubuntu0.11", "libsss-simpleifp0": "2.2.3-3ubuntu0.11", "sssd-common": "2.2.3-3ubuntu0.11", "libipa-hbac0": "2.2.3-3ubuntu0.11", "sssd-tools": "2.2.3-3ubuntu0.11", "sssd-kcm": "2.2.3-3ubuntu0.11" } ] }