ALT-PU-2024-17440-2
Closed vulnerabilities
Published: 2024-04-16
BDU:2024-04108
Уязвимость сервиса управления доступом к удаленным каталогам и механизма аутентификации SSSD, связанная с неправильной авторизацией, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.1)
Vector: AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2024-04-18
Modified: 2025-02-06
Modified: 2025-02-06
CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
References:
- RHSA-2024:1919
- RHSA-2024:1919
- RHSA-2024:1920
- RHSA-2024:1920
- RHSA-2024:1921
- RHSA-2024:1921
- RHSA-2024:1922
- RHSA-2024:1922
- RHSA-2024:2571
- RHSA-2024:2571
- RHSA-2024:3270
- RHSA-2024:3270
- https://access.redhat.com/security/cve/CVE-2023-3758
- https://access.redhat.com/security/cve/CVE-2023-3758
- RHBZ#2223762
- RHBZ#2223762
- https://github.com/SSSD/sssd/pull/7302
- https://github.com/SSSD/sssd/pull/7302
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/
Closed bugs
Добавить зависимость на sssd-dbus к sssd-tools
При обновлении sssd без перезапуска возникают проблемы