==========================================================================
Ubuntu Security Notice USN-6836-1
June 17, 2024sssd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
SSSD did not always correctly apply the GPO policy.
Software Description:
- sssd: System Security Services Daemon
Details:
It was discovered that SSSD did not always correctly apply the GPO policy
for authenticated users, contrary to expectations. This could result in
improper authorization or improper access to resources.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
sssd 2.9.4-1.1ubuntu6.1
Ubuntu 23.10
sssd 2.9.1-2ubuntu2.1
Ubuntu 22.04 LTS
sssd 2.6.3-1ubuntu3.3
Ubuntu 20.04 LTS
sssd 2.2.3-3ubuntu0.13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6836-1
CVE-2023-3758
Package Information:
https://launchpad.net/ubuntu/+source/sssd/2.9.4-1.1ubuntu6.1
https://launchpad.net/ubuntu/+source/sssd/2.9.1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/sssd/2.6.3-1ubuntu3.3
https://launchpad.net/ubuntu/+source/sssd/2.2.3-3ubuntu0.13