Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for sssd ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21290-1 Rating: important References: * bsc#1270708 * bsc#1270709 Cross-References: * CVE-2026-14474 * CVE-2026-14476 CVSS scores: * CVE-2026-14474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-14476 ( SUSE ): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for sssd fixes the following issues - CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation (bsc#1270709). - CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass (bsc#1270708). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1201=1 Package List: - openSUSE Leap 16.0: libipa_hbac-devel-2.10.2-160000.3.1 libipa_hbac0-2.10.2-160000.3.1 libnfsidmap-sss-2.10.2-160000.3.1 libsss_certmap-devel-2.10.2-160000.3.1 libsss_certmap0-2.10.2-160000.3.1 libsss_idmap-devel-2.10.2-160000.3.1 libsss_idmap0-2.10.2-160000.3.1 libsss_nss_idmap-devel-2.10.2-160000.3.1 libsss_nss_idmap0-2.10.2-160000.3.1 python3-ipa_hbac-2.10.2-160000.3.1 python3-sss-murmur-2.10.2-160000.3.1 python3-sss_nss_idmap-2.10.2-160000.3.1 python3-sssd-config-2.10.2-160000.3.1 sssd-2.10.2-160000.3.1 sssd-ad-2.10.2-160000.3.1 sssd-cifs-idmap-plugin-2.10.2-160000.3.1 sssd-dbus-2.10.2-160000.3.1 sssd-ipa-2.10.2-160000.3.1 sssd-kcm-2.10.2-160000.3.1 sssd-krb5-2.10.2-160000.3.1 sssd-krb5-common-2.10.2-160000.3.1 sssd-ldap-2.10.2-160000.3.1 sssd-proxy-2.10.2-160000.3.1 sssd-tools-2.10.2-160000.3.1 sssd-winbind-idmap-2.10.2-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-14474.html * https://www.suse.com/security/cve/CVE-2026-14476.html . Install critical patches for sssd vulnerabilities on openSUSE Leap 16.0 to secure LDAP provider and GPO cache.. sssd security patch, openSUSE vulnerabilities, LDAP authentication fix, Kerberos security update. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.