Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Oracle Linux 7 ELSA-2021-3336 Critical: SSSD Command Injection Fix

oracle
Calendar Grey August 31, 2021
Oracle Linux Logo Esm H88
The security patch ELSA-2021-3337 for Oracle Linux 7 addresses vulnerabilities in SSSD, bolstering both system resilience and operational security.
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Summary

[1.16.5-10.0.1] - Revert Redhat's change of disallowing duplicated incomplete gid when "id_provider=ldap" is used, which caused regression in AD environment. [Orabug: 29286774] [Doc ID 2605732.1] [1.16.5-10.10] - Resolves: rhbz#1973796 - SSSD is NOT able to contact the Global Catalog when local site is down [1.16.5-10.9] - Resolves: rhbz#1988463 - Missing search index for `originalADgidNumber` [rhel-7.9.z] - Resolves: rhbz#1968330 - id lookup is failing intermittently - Resolves: rhbz#1964415 - Memory leak in the simple access provider - Resolves: rhbz#1985457 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-7.9.z]

Topics%20covered

Topics Covered

security advisory critical Oracle Linux shell command injection SSSD

SRPMs

https://oss.oracle.com:443/ol7/SRPMS-updates/sssd-1.16.5-10.0.1.el7_9.10.src.rpm

x86_64

aarch64

libipa_hbac-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_autofs-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_certmap-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_idmap-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_nss_idmap-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_simpleifp-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_sudo-1.16.5-10.0.1.el7_9.10.aarch64.rpm python-libipa_hbac-1.16.5-10.0.1.el7_9.10.aarch64.rpm python-libsss_nss_idmap-1.16.5-10.0.1.el7_9.10.aarch64.rpm python-sss-1.16.5-10.0.1.el7_9.10.aarch64.rpm python-sssdconfig-1.16.5-10.0.1.el7_9.10.noarch.rpm python-sss-murmur-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-ad-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-client-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-common-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-common-pac-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-dbus-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-ipa-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-kcm-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-krb5-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-krb5-common-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-ldap-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-libwbclient-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-polkit-rules-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-proxy-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-tools-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-winbind-idmap-1.16.5-10.0.1.el7_9.10.aarch64.rpm libipa_hbac-devel-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_certmap-devel-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_idmap-devel-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_nss_idmap-devel-1.16.5-10.0.1.el7_9.10.aarch64.rpm libsss_simpleifp-devel-1.16.5-10.0.1.el7_9.10.aarch64.rpm sssd-libwbclient-devel-1.16.5-10.0.1.el7_9.10.aarch64.rpm

Severity
critical
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2021-3621

Topics%20covered

Topics Covered

security advisory critical Oracle Linux shell command injection SSSD

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here