Information on source package sssd

Available versions

| Release | Version |
|---|---|
| jessie | 1.11.7-3+deb8u2 |
| stretch | 1.15.0-3+deb9u2 |
| buster | 1.16.3-3.2+deb10u2 |
| bullseye | 2.4.1-2 |
| bookworm | 2.8.2-4 |
| sid | 2.9.5-3 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3758 | vulnerable (no DSA, postponed) | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | A race condition flaw was found in sssd where the GPO policy is not co ... |
| CVE-2021-3621 | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | A flaw was found in SSSD, where the sssctl command was vulnerable to s ... |
| CVE-2019-3811 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A vulnerability was found in sssd. If a user was configured with no ho ... |
| CVE-2018-16883 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | sssd versions from 1.13.0 to before 2.0.0 did not properly restrict ac ... |
| CVE-2018-16838 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A flaw was found in sssd Group Policy Objects implementation. When the ... |
| CVE-2018-10852 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The UNIX pipe which sudo uses to contact SSSD and read the available s ... |
| CVE-2015-5292 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | Memory leak in the Privilege Attribute Certificate (PAC) responder plu ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2022-4254 | sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ... |
| CVE-2017-12173 | It was found that sssd's sysdb_search_user_by_upn_res() function befor ... |
| CVE-2014-0249 | The System Security Services Daemon (SSSD) 1.11.6 does not properly id ... |
| CVE-2013-0287 | The Simple Access Provider in System Security Services Daemon (SSSD) 1 ... |
| CVE-2013-0220 | The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomnt ... |
| CVE-2013-0219 | System Security Services Daemon (SSSD) before 1.9.4, when (1) creating ... |
| CVE-2012-3462 | A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ... |
| CVE-2011-1758 | The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in Sy ... |
| CVE-2010-4341 | The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ... |
| CVE-2010-2940 | The auth_send function in providers/ldap/ldap_auth.c in System Securit ... |
| CVE-2010-0014 | System Security Services Daemon (SSSD) before 1.0.1, when the krb5 aut ... |
| CVE-2009-2410 | The local_handler_callback function in server/responder/pam/pam_LOCAL_ ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3436-2 | sssd - regression update |
| DLA-3436-1 | sssd - security update |
| DLA-2758-1 | sssd - security update |
| DLA-1635-1 | sssd - security update |
| DLA-1429-1 | sssd - security update |
