Download
| Alert*
oval:org.secpod.oval:def:507502
The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:1506376 [1.16.5-10.0.3] - Revert Redhat"s change of disallowing duplicated incomplete gid when id_provider=ldap is used, which caused regression in AD environment. [Orabug: 29286774] [Doc ID 2605732.1] [1.16.5-10.15] - Resolves: rhbz#2149703 - smartcards: special characters must be escaped when building sea ... oval:org.secpod.oval:def:89048195 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover oval:org.secpod.oval:def:708235 sssd: System Security Services Daemon SSSD could allow unintended access to network services. oval:org.secpod.oval:def:93875 sssd: System Security Services Daemon SSSD could allow unintended access to network services. oval:org.secpod.oval:def:89048219 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. - Move systemd RPM macros managing the service from "sssd-common" to "sssd" package oval:org.secpod.oval:def:89048229 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover oval:org.secpod.oval:def:89048217 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover oval:org.secpod.oval:def:206004 Security Fix: sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Bug Fix: oval:org.secpod.oval:def:89048188 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover oval:org.secpod.oval:def:1701234 A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authe ... oval:org.secpod.oval:def:1601671 A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat ... |