Explore top 10 tips to secure your open-source projects now. Read More
×
This update for sssd fixes the following issues
- CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege
escalation (bsc#1270709).
- CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass
(bsc#1270708).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1201=1
- openSUSE Leap 16.0:
libipa_hbac-devel-2.10.2-160000.3.1
libipa_hbac0-2.10.2-160000.3.1
libnfsidmap-sss-2.10.2-160000.3.1
libsss_certmap-devel-2.10.2-160000.3.1
libsss_certmap0-2.10.2-160000.3.1
libsss_idmap-devel-2.10.2-160000.3.1
libsss_idmap0-2.10.2-160000.3.1
libsss_nss_idmap-devel-2.10.2-160000.3.1
libsss_nss_idmap0-2.10.2-160000.3.1
python3-ipa_hbac-2.10.2-160000.3.1
python3-sss-murmur-2.10.2-160000.3.1
python3-sss_nss_idmap-2.10.2-160000.3.1
python3-sssd-config-2.10.2-160000.3.1
sssd-2.10.2-160000.3.1
sssd-ad-2.10.2-160000.3.1
sssd-cifs-idmap-plugin-2.10.2-160000.3.1
sssd-dbus-2.10.2-160000.3.1
sssd-ipa-2.10.2-160000.3.1
sssd-kcm-2.10.2-160000.3.1
sssd-krb5-2.10.2-160000.3.1
sssd-krb5-common-2.10.2-160000.3.1
sssd-ldap-2.10.2-160000.3.1
sssd-proxy-2.10.2-160000.3.1
sssd-tools-2.10.2-160000.3.1
sssd-winbind-idmap-2.10.2-160000.3.1
* bsc#1270708
* bsc#1270709
References:
* https://www.suse.com/security/cve/CVE-2026-14474.html
* https://www.suse.com/security/cve/CVE-2026-14476.html
Get the latest Linux and open source security news straight to your inbox.