Bug 29383 - sssd new security issue CVE-2021-3621
Summary: sssd new security issue CVE-2021-3621
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-18 16:41 CEST by David Walser
Modified: 2021-08-30 16:19 CEST

See Also:
Source RPM: sssd-2.4.2-4.mga9.src.rpm
CVE: CVE-2021-3621
Status comment:


Description David Walser 2021-08-18 16:41:07 CEST
Fedora has issued an advisory today (August 18):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X2K4GIBR2A63ZTPDUJSVOGDICCK4XC4V/

Mageia 8 is also affected.
David Walser 2021-08-18 16:41:25 CEST

Status comment: (none) => Patch available from Fedora
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-08-19 08:22:06 CEST
'sssd' has no registered maintainer, and has been updated by various people; hence have to assign this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-08-30 16:18:56 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Shell command injection in sssctl. (CVE-2021-3621)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3621
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X2K4GIBR2A63ZTPDUJSVOGDICCK4XC4V/
========================

Updated packages in core/updates_testing:
========================
sssd-ipa-2.4.0-1.2.mga8
sssd-ad-2.4.0-1.2.mga8
sssd-tools-2.4.0-1.2.mga8
sssd-kcm-2.4.0-1.2.mga8
libsss_simpleifp-devel-2.4.0-1.2.mga8
libipa_hbac-devel-2.4.0-1.2.mga8
libsss_idmap-devel-2.4.0-1.2.mga8
libsss_certmap-devel-2.4.0-1.2.mga8
sssd-dbus-2.4.0-1.2.mga8
sssd-krb5-common-2.4.0-1.2.mga8
libsss_nss_idmap-devel-2.4.0-1.2.mga8
sssd-client-2.4.0-1.2.mga8
sssd-common-pac-2.4.0-1.2.mga8
Wrote: /home/iurt/rpmbuild/RPMS/noarch/python3-sssdconfig-2.4.0-1.2.mga8.noarch.rpm
sssd-ldap-2.4.0-1.2.mga8
sssd-proxy-2.4.0-1.2.mga8
libsss_certmap-2.4.0-1.2.mga8
libsss_nss_idmap-2.4.0-1.2.mga8
sssd-krb5-2.4.0-1.2.mga8
python3-sss-2.4.0-1.2.mga8
libsss_idmap-2.4.0-1.2.mga8
libsss_autofs-2.4.0-1.2.mga8
python3-libipa_hbac-2.4.0-1.2.mga8
sssd-nfs-idmap-2.4.0-1.2.mga8
libsss_sudo-2.4.0-1.2.mga8
libipa_hbac-2.4.0-1.2.mga8
libsss_simpleifp-2.4.0-1.2.mga8
sssd-2.4.0-1.2.mga8
python3-libsss_nss_idmap-2.4.0-1.2.mga8
sssd-winbind-idmap-2.4.0-1.2.mga8
python3-sss-murmur-2.4.0-1.2.mga8
sssd-common-2.4.0-1.2.mga8

from SRPM:
sssd-2.4.0-1.2.mga8.src.rpm

Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Status comment: Patch available from Fedora => (none)
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
CVE: (none) => CVE-2021-3621
Version: Cauldron => 8

Comment 3 Nicolas Salguero 2021-08-30 16:19:50 CEST
Updated packages in core/updates_testing:
========================
sssd-ipa-2.4.0-1.2.mga8
sssd-ad-2.4.0-1.2.mga8
sssd-tools-2.4.0-1.2.mga8
sssd-kcm-2.4.0-1.2.mga8
libsss_simpleifp-devel-2.4.0-1.2.mga8
libipa_hbac-devel-2.4.0-1.2.mga8
libsss_idmap-devel-2.4.0-1.2.mga8
libsss_certmap-devel-2.4.0-1.2.mga8
sssd-dbus-2.4.0-1.2.mga8
sssd-krb5-common-2.4.0-1.2.mga8
libsss_nss_idmap-devel-2.4.0-1.2.mga8
sssd-client-2.4.0-1.2.mga8
sssd-common-pac-2.4.0-1.2.mga8
python3-sssdconfig-2.4.0-1.2.mga8
sssd-ldap-2.4.0-1.2.mga8
sssd-proxy-2.4.0-1.2.mga8
libsss_certmap-2.4.0-1.2.mga8
libsss_nss_idmap-2.4.0-1.2.mga8
sssd-krb5-2.4.0-1.2.mga8
python3-sss-2.4.0-1.2.mga8
libsss_idmap-2.4.0-1.2.mga8
libsss_autofs-2.4.0-1.2.mga8
python3-libipa_hbac-2.4.0-1.2.mga8
sssd-nfs-idmap-2.4.0-1.2.mga8
libsss_sudo-2.4.0-1.2.mga8
libipa_hbac-2.4.0-1.2.mga8
libsss_simpleifp-2.4.0-1.2.mga8
sssd-2.4.0-1.2.mga8
python3-libsss_nss_idmap-2.4.0-1.2.mga8
sssd-winbind-idmap-2.4.0-1.2.mga8
python3-sss-murmur-2.4.0-1.2.mga8
sssd-common-2.4.0-1.2.mga8

from SRPM:
sssd-2.4.0-1.2.mga8.src.rpm
