[Pkg-sssd-devel] Bug#1077731: fix CVE-2023-3758 for Bookworm, please?
Harald Dunkel
harald.dunkel at aixigo.com
Thu Aug 1 09:52:57 BST 2024
Package: sssd
Version: 2.8.2-4
Using libpam_sss I have seen weird login failures on dovecot
(bad password, even though the password was correct, and
"Insufficient credentials to access authentication data"
several times in a row, until it finally succeeds) for sssd
on Bookworm. Since
https://nvd.nist.gov/vuln/detail/CVE-2023-3758
explicitly mentions
    A race condition flaw was found in sssd where the
    GPO policy is not consistently applied for authenticated
    users. This may lead to improper authorization issues,
    granting or denying access to resources inappropriately.
I wonder if CVE-2023-3758 could be fixed for sssd version
2.8.2 as well? Unfortunately there is no backport of sssd
2.9.x.
Regards
Harri