USN-6156-2

Source
https://ubuntu.com/security/notices/USN-6156-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6156-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6156-2
Published
2023-06-16T11:39:50.443925Z
Modified
2023-06-16T11:39:50.443925Z
Summary
sssd regression
Details

USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used.

This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. In combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.

Affected packages

Ubuntu:20.04:LTS / sssd

Package

Name
sssd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.3-3ubuntu0.12

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "sssd-ldap": "2.2.3-3ubuntu0.12",
            "libsss-idmap-dev": "2.2.3-3ubuntu0.12",
            "python3-sss": "2.2.3-3ubuntu0.12",
            "sssd-ipa": "2.2.3-3ubuntu0.12",
            "libpam-sss": "2.2.3-3ubuntu0.12",
            "libipa-hbac-dev": "2.2.3-3ubuntu0.12",
            "libsss-idmap0": "2.2.3-3ubuntu0.12",
            "sssd-ad": "2.2.3-3ubuntu0.12",
            "libwbclient-sssd": "2.2.3-3ubuntu0.12",
            "sssd": "2.2.3-3ubuntu0.12",
            "sssd-krb5-common": "2.2.3-3ubuntu0.12",
            "libnss-sss": "2.2.3-3ubuntu0.12",
            "libsss-nss-idmap-dev": "2.2.3-3ubuntu0.12",
            "sssd-proxy": "2.2.3-3ubuntu0.12",
            "python3-libsss-nss-idmap": "2.2.3-3ubuntu0.12",
            "sssd-krb5": "2.2.3-3ubuntu0.12",
            "libsss-certmap0": "2.2.3-3ubuntu0.12",
            "libwbclient-sssd-dev": "2.2.3-3ubuntu0.12",
            "libsss-nss-idmap0": "2.2.3-3ubuntu0.12",
            "libsss-simpleifp-dev": "2.2.3-3ubuntu0.12",
            "libsss-certmap-dev": "2.2.3-3ubuntu0.12",
            "sssd-dbus": "2.2.3-3ubuntu0.12",
            "python3-libipa-hbac": "2.2.3-3ubuntu0.12",
            "sssd-ad-common": "2.2.3-3ubuntu0.12",
            "libsss-sudo": "2.2.3-3ubuntu0.12",
            "libsss-simpleifp0": "2.2.3-3ubuntu0.12",
            "sssd-common": "2.2.3-3ubuntu0.12",
            "libipa-hbac0": "2.2.3-3ubuntu0.12",
            "sssd-tools": "2.2.3-3ubuntu0.12",
            "sssd-kcm": "2.2.3-3ubuntu0.12"
        }
    ]
}