Fedora has issued an advisory today (August 18): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X2K4GIBR2A63ZTPDUJSVOGDICCK4XC4V/ Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Patch available from Fedora
'sssd' has no registered maintainer, and has been updated by various people; hence have to assign this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: Shell command injection in sssctl. (CVE-2021-3621) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3621 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X2K4GIBR2A63ZTPDUJSVOGDICCK4XC4V/ ======================== Updated packages in core/updates_testing: ======================== sssd-ipa-2.4.0-1.2.mga8 sssd-ad-2.4.0-1.2.mga8 sssd-tools-2.4.0-1.2.mga8 sssd-kcm-2.4.0-1.2.mga8 libsss_simpleifp-devel-2.4.0-1.2.mga8 libipa_hbac-devel-2.4.0-1.2.mga8 libsss_idmap-devel-2.4.0-1.2.mga8 libsss_certmap-devel-2.4.0-1.2.mga8 sssd-dbus-2.4.0-1.2.mga8 sssd-krb5-common-2.4.0-1.2.mga8 libsss_nss_idmap-devel-2.4.0-1.2.mga8 sssd-client-2.4.0-1.2.mga8 sssd-common-pac-2.4.0-1.2.mga8 Wrote: /home/iurt/rpmbuild/RPMS/noarch/python3-sssdconfig-2.4.0-1.2.mga8.noarch.rpm sssd-ldap-2.4.0-1.2.mga8 sssd-proxy-2.4.0-1.2.mga8 libsss_certmap-2.4.0-1.2.mga8 libsss_nss_idmap-2.4.0-1.2.mga8 sssd-krb5-2.4.0-1.2.mga8 python3-sss-2.4.0-1.2.mga8 libsss_idmap-2.4.0-1.2.mga8 libsss_autofs-2.4.0-1.2.mga8 python3-libipa_hbac-2.4.0-1.2.mga8 sssd-nfs-idmap-2.4.0-1.2.mga8 libsss_sudo-2.4.0-1.2.mga8 libipa_hbac-2.4.0-1.2.mga8 libsss_simpleifp-2.4.0-1.2.mga8 sssd-2.4.0-1.2.mga8 python3-libsss_nss_idmap-2.4.0-1.2.mga8 sssd-winbind-idmap-2.4.0-1.2.mga8 python3-sss-murmur-2.4.0-1.2.mga8 sssd-common-2.4.0-1.2.mga8 from SRPM: sssd-2.4.0-1.2.mga8.src.rpm
CVE: (none) => CVE-2021-3621Status comment: Patch available from Fedora => (none)Version: Cauldron => 8Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNEDWhiteboard: MGA8TOO => (none)CC: (none) => nicolas.salguero
Updated packages in core/updates_testing: ======================== sssd-ipa-2.4.0-1.2.mga8 sssd-ad-2.4.0-1.2.mga8 sssd-tools-2.4.0-1.2.mga8 sssd-kcm-2.4.0-1.2.mga8 libsss_simpleifp-devel-2.4.0-1.2.mga8 libipa_hbac-devel-2.4.0-1.2.mga8 libsss_idmap-devel-2.4.0-1.2.mga8 libsss_certmap-devel-2.4.0-1.2.mga8 sssd-dbus-2.4.0-1.2.mga8 sssd-krb5-common-2.4.0-1.2.mga8 libsss_nss_idmap-devel-2.4.0-1.2.mga8 sssd-client-2.4.0-1.2.mga8 sssd-common-pac-2.4.0-1.2.mga8 python3-sssdconfig-2.4.0-1.2.mga8 sssd-ldap-2.4.0-1.2.mga8 sssd-proxy-2.4.0-1.2.mga8 libsss_certmap-2.4.0-1.2.mga8 libsss_nss_idmap-2.4.0-1.2.mga8 sssd-krb5-2.4.0-1.2.mga8 python3-sss-2.4.0-1.2.mga8 libsss_idmap-2.4.0-1.2.mga8 libsss_autofs-2.4.0-1.2.mga8 python3-libipa_hbac-2.4.0-1.2.mga8 sssd-nfs-idmap-2.4.0-1.2.mga8 libsss_sudo-2.4.0-1.2.mga8 libipa_hbac-2.4.0-1.2.mga8 libsss_simpleifp-2.4.0-1.2.mga8 sssd-2.4.0-1.2.mga8 python3-libsss_nss_idmap-2.4.0-1.2.mga8 sssd-winbind-idmap-2.4.0-1.2.mga8 python3-sss-murmur-2.4.0-1.2.mga8 sssd-common-2.4.0-1.2.mga8 from SRPM: sssd-2.4.0-1.2.mga8.src.rpm
Len, mind taking a look at this one? I see you previously tested this package in bug 25234
CC: (none) => davidwhodgins, tarazed25
# systemctl start sssd [root@mach5 ~]# systemctl -l status sssd ● sssd.service - System Security Services Daemon Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-09-30 15:56:28 CEST; 4s ago Main PID: 24627 (sssd) Tasks: 3 (limit: 9402) Memory: 33.1M CPU: 204ms CGroup: /system.slice/sssd.service ├─24627 /usr/sbin/sssd -i --logger=files ├─24637 /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files └─24638 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files sep 30 15:56:27 mach5.hviaene.thuis systemd[1]: Starting System Security Services Daemon... sep 30 15:56:27 mach5.hviaene.thuis sssd[24627]: Starting up sep 30 15:56:27 mach5.hviaene.thuis be[implicit_files][24637]: Starting up sep 30 15:56:27 mach5.hviaene.thuis nss[24638]: Starting up sep 30 15:56:28 mach5.hviaene.thuis systemd[1]: Started System Security Services Daemon. but # sss_useradd prutser -bash: sss_useradd: command not found Checked # urpmf sss_useradd sssd-tools:/usr/share/man/ca/man8/sss_useradd.8.xz and more in man, but nothing else Checked in MCC the files in the rpm: I get: /usr/sbin/sss_debuglevel /usr/sbin/sss_obfuscate /usr/sbin/sss_override /usr/sbin/sss_seed /usr/sbin/sssctl and nothing else in /usr/sbin, so where should the command be???
CC: (none) => herman.viaene
That command doesn't exist any more. Sssd can be used as a provider of regular local users, so it's not needed.
Tried to get some feedback from the command sssctl, but apart from some help info, I couldn't get anything sensible out of it. My lack of knowledge.
Installed the packages ... urpmi \ libipa_hbac \ libipa_hbac-devel \ libsss_autofs \ libsss_certmap \ libsss_certmap-devel \ libsss_idmap \ libsss_idmap-devel \ libsss_nss_idmap \ libsss_nss_idmap-devel \ libsss_simpleifp \ libsss_simpleifp-devel \ libsss_sudo \ python3-libipa_hbac \ python3-libsss_nss_idmap \ python3-sss \ python3-sssdconfig \ python3-sss-murmur \ sssd \ sssd-ad \ sssd-client \ sssd-common \ sssd-common-pac \ sssd-dbus \ sssd-ipa \ sssd-kcm \ sssd-krb5 \ sssd-krb5-common \ sssd-ldap \ sssd-nfs-idmap \ sssd-proxy \ sssd-tools \ sssd-winbind-idmap Then installed the updates cleanly. Validating based on clean update from prior versions Advisory committed to svn
Keywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0502.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED