-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2758-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Anton Gladky September 15, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : sssd Version : 1.15.0-3+deb9u2 CVE ID : CVE-2021-3621 One security issue has been discovered in sssd. The sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. For Debian 9 stretch, this problem has been fixed in version 1.15.0-3+deb9u2. We recommend that you upgrade your sssd packages. For the detailed security status of sssd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sssd Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmFCWGQACgkQ0+Fzg8+n /wboeQ/+J/Y0UfLvGRUnUYaLZjU/8ab+TeN0Bfq3cjxluu3zmmxY9dfZNuHU1dWO UHgmefRAULUaZ6i6tmiTj08gKxSrQu8anNYrZAfEQcBSU/LHlHup1rh2IaD+AoRs iAUaD+VitXrI0tHvHKoomFRjBCAcgdSq30nzVvv4HxuX/I5/ILQ5UMWrvSk/JJb6 t7lgORo9fn82NqTUBtfB7+sBXqeN4mtY5O7ViW/sBbaeZ6V1eRpeM9Ocb07tsPOK ZTtjvrwI0+LtAbozhUK3kCUsVmoMWX4S3g9gOmA9czfy55/r6F7Z1QbEzc9RqnPH 4vJXDwe9rTc/nLoUXIgSgc8Q04/YvdqnpxVPqO0fZ/D+yCrTqSRcuSgPioz85Zjx ei43NgpZMLRheeA6sJKaVNyU5vj7nXgqUosTDS6kGZXHIsm4/DkfLBgp5xM9+I8z As1IkXlK82BWZdXxxfpG+zBzIGrPf2/3OSRBpEOsFMDM4fi6uDxwcldCDcjUCf1h tyUnx4Cvh0npPGiSUtOVjZ6e8KYBLt/R6xPWKxrYJMeBO7nSL0WeblgNC2H0ZofB 1azxhTRpZOMcB/y3cHMl4/hgUDlX9t8rHcvyzDDj22cqHGr0wnGMOHi2hFzF2nSb hvWKset5gDmpuOe9yxzQ3g1LZRenEdVZsoDmYz1l3iixiVW0bWc= =ssLt -----END PGP SIGNATURE-----