ALT Linux Team

Package sssd update in c9f2 on 2025-12-05

ALT-PU-2025-15234-3

Package sssd updated to version 2.9.7-alt1.c9f2.1 for branch c9f2 in task 401534.

Closed vulnerabilities

Published: 2024-05-27
Modified: 2025-12-26

BDU:2024-04108

Уязвимость сервиса управления доступом к удаленным каталогам и механизма аутентификации SSSD, связанная с неправильной авторизацией, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.5) Vector: AV:A/AC:H/Au:S/C:C/I:C/A:C
References:
Published: 2024-04-18
Modified: 2025-11-03

CVE-2023-3758

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-10-09
Modified: 2025-12-11

CVE-2025-11561

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #51860

Добавить зависимость на sssd-dbus к sssd-tools

Bug #52364

При обновлении sssd без перезапуска возникают проблемы

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top