Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Fedora 44 sssd Severe Use After Free and Path Traversal Vulnerabilities

fedora
Calendar Grey July 10, 2026
Dist Fedora Esm H88
Critical updates for Fedora 44 addressing use-after-free crashes and authentication flaws in sssd software.
CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: s...

Summary

Provides a set of daemons to manage access to remote directories and

authentication mechanisms. It provides an NSS and PAM interface toward

the system and a pluggable back end system to connect to multiple different

account sources. It is also the basis to provide client auditing and policy

services for projects like FreeIPA.

The sssd subpackage is a meta-package that contains the daemon as well as all

the existing back ends.

Update Information:

CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass - rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation

Change Log

* Wed Jul 8 2026 Sumit Bose - 2.13.1-2 - CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass - rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation

References


[ 1 ] Bug #2494777 - CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494777 [ 2 ] Bug #2497650 - CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497650 [ 3 ] Bug #2497651 - CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497651

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5acfb0243b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: sssd
Product: Fedora 44
Version: 2.13.1
Release: 2.fc44
Summary: System Security Services Daemon

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.