Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE 15-SP4: 2022:2764-1 Moderate: SSSD Remote Code Execution

suse
Calendar Grey August 10, 2022
Dist Suse Esm H88
Enhance your SUSE environment by applying crucial updates for sssd, addressing moderate risk vulnerabilities along with upgraded functionalities.
An update that solves one vulnerability and has four fixes is now available

Summary

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand (bsc#1189492). - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775) - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common but baselibs.conf was not updated accordingly (bsc#1182058, bsc#1196166) - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory moderate update patch SUSE command injection sssd

References

#1182058 #1189492 #1190775 #1195552 #1196166

Cross- CVE-2021-3621

CVSS scores:

CVE-2021-3621 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Desktop 15-SP4

SUSE Linux Enterprise High Performance Computing 15-SP4

SUSE Linux Enterprise Module for Basesystem 15-SP4

SUSE Linux Enterprise Server 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15-SP4

SUSE Manager Proxy 4.3

SUSE Manager Retail Branch Server 4.3

SUSE Manager Server 4.3

openSUSE Leap 15.4

https://www.suse.com/security/cve/CVE-2021-3621.html

https://bugzilla.suse.com/1182058

https://bugzilla.suse.com/1189492

https://bugzilla.suse.com/1190775

https://bugzi...

Read the Full Advisory

Announcement ID: SUSE-SU-2022:2763-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate update patch SUSE command injection sssd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here