Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6836-1

Ubuntu Security Notice 6836-1 - It was discovered that SSSD did not always correctly apply the GPO policy for authenticated users, contrary to expectations. This could result in improper authorization or improper access to resources.

Packet Storm
#vulnerability#ubuntu#auth

==========================================================================
Ubuntu Security Notice USN-6836-1
June 17, 2024

sssd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

SSSD did not always correctly apply the GPO policy.

Software Description:

  • sssd: System Security Services Daemon

Details:

It was discovered that SSSD did not always correctly apply the GPO policy
for authenticated users, contrary to expectations. This could result in
improper authorization or improper access to resources.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
sssd 2.9.4-1.1ubuntu6.1

Ubuntu 23.10
sssd 2.9.1-2ubuntu2.1

Ubuntu 22.04 LTS
sssd 2.6.3-1ubuntu3.3

Ubuntu 20.04 LTS
sssd 2.2.3-3ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6836-1
CVE-2023-3758

Package Information:
https://launchpad.net/ubuntu/+source/sssd/2.9.4-1.1ubuntu6.1
https://launchpad.net/ubuntu/+source/sssd/2.9.1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/sssd/2.6.3-1ubuntu3.3
https://launchpad.net/ubuntu/+source/sssd/2.2.3-3ubuntu0.13

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution