SciLinux: SLSA-2023-0403-1 Important: sssd on SL7.x x86_64 | LinuxS...
Synopsis:          Important: sssd security and bug fix update
Advisory ID:       SLSA-2023:0403-1
Issue Date:        2023-01-24
CVE Numbers:       CVE-2022-4254
--

Security Fix(es):

* sssd: libsss_certmap fails to sanitise certificate data used in LDAP
filters (CVE-2022-4254)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* smartcards: special characters must be escaped when building search
filter
--

SL7
  x86_64
    libipa_hbac-1.16.5-10.el7_9.15.i686.rpm
    libipa_hbac-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_autofs-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_certmap-1.16.5-10.el7_9.15.i686.rpm
    libsss_certmap-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_idmap-1.16.5-10.el7_9.15.i686.rpm
    libsss_idmap-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_nss_idmap-1.16.5-10.el7_9.15.i686.rpm
    libsss_nss_idmap-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_simpleifp-1.16.5-10.el7_9.15.i686.rpm
    libsss_simpleifp-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_sudo-1.16.5-10.el7_9.15.x86_64.rpm
    python-libipa_hbac-1.16.5-10.el7_9.15.x86_64.rpm
    python-sss-1.16.5-10.el7_9.15.x86_64.rpm
    python-sss-murmur-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-ad-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-client-1.16.5-10.el7_9.15.i686.rpm
    sssd-client-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-common-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-common-pac-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-dbus-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-debuginfo-1.16.5-10.el7_9.15.i686.rpm
    sssd-debuginfo-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-ipa-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-kcm-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-krb5-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-krb5-common-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-ldap-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-libwbclient-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-polkit-rules-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-proxy-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-tools-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-winbind-idmap-1.16.5-10.el7_9.15.x86_64.rpm
    libipa_hbac-devel-1.16.5-10.el7_9.15.i686.rpm
    libipa_hbac-devel-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_certmap-devel-1.16.5-10.el7_9.15.i686.rpm
    libsss_certmap-devel-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_idmap-devel-1.16.5-10.el7_9.15.i686.rpm
    libsss_idmap-devel-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_nss_idmap-devel-1.16.5-10.el7_9.15.i686.rpm
    libsss_nss_idmap-devel-1.16.5-10.el7_9.15.x86_64.rpm
    libsss_simpleifp-devel-1.16.5-10.el7_9.15.i686.rpm
    libsss_simpleifp-devel-1.16.5-10.el7_9.15.x86_64.rpm
    python-libsss_nss_idmap-1.16.5-10.el7_9.15.x86_64.rpm
    sssd-libwbclient-devel-1.16.5-10.el7_9.15.i686.rpm
    sssd-libwbclient-devel-1.16.5-10.el7_9.15.x86_64.rpm
  noarch
    python-sssdconfig-1.16.5-10.el7_9.15.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2023-0403-1 Important: sssd on SL7.x x86_64

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters (CVE-2022-4254) For more details about the security issue(s), including the impact, a CVSS score, ackno...

Summary

Important: sssd security and bug fix update



Security Fixes

* sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters (CVE-2022-4254)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

Severity
Advisory ID: SLSA-2023:0403-1
Issued Date: : 2023-01-24
CVE Numbers: CVE-2022-4254

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.