Oracle Linux 6277 Published by

A sssd security update has been released for Oracle Linux 8.



El-errata: ELSA-2021-3151 Important: Oracle Linux 8 sssd security update


Oracle Linux Security Advisory ELSA-2021-3151

  http://linux.oracle.com/errata/ELSA-2021-3151.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libipa_hbac-2.4.0-9.0.1.el8_4.2.i686.rpm
libipa_hbac-2.4.0-9.0.1.el8_4.2.x86_64.rpm
libsss_autofs-2.4.0-9.0.1.el8_4.2.x86_64.rpm
libsss_certmap-2.4.0-9.0.1.el8_4.2.i686.rpm
libsss_certmap-2.4.0-9.0.1.el8_4.2.x86_64.rpm
libsss_idmap-2.4.0-9.0.1.el8_4.2.i686.rpm
libsss_idmap-2.4.0-9.0.1.el8_4.2.x86_64.rpm
libsss_nss_idmap-2.4.0-9.0.1.el8_4.2.i686.rpm
libsss_nss_idmap-2.4.0-9.0.1.el8_4.2.x86_64.rpm
libsss_simpleifp-2.4.0-9.0.1.el8_4.2.i686.rpm
libsss_simpleifp-2.4.0-9.0.1.el8_4.2.x86_64.rpm
libsss_sudo-2.4.0-9.0.1.el8_4.2.x86_64.rpm
python3-libipa_hbac-2.4.0-9.0.1.el8_4.2.x86_64.rpm
python3-libsss_nss_idmap-2.4.0-9.0.1.el8_4.2.x86_64.rpm
python3-sss-2.4.0-9.0.1.el8_4.2.x86_64.rpm
python3-sss-murmur-2.4.0-9.0.1.el8_4.2.x86_64.rpm
python3-sssdconfig-2.4.0-9.0.1.el8_4.2.noarch.rpm
sssd-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-ad-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-client-2.4.0-9.0.1.el8_4.2.i686.rpm
sssd-client-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-common-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-common-pac-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-dbus-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-ipa-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-kcm-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-krb5-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-krb5-common-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-ldap-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-libwbclient-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-nfs-idmap-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-polkit-rules-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-proxy-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-tools-2.4.0-9.0.1.el8_4.2.x86_64.rpm
sssd-winbind-idmap-2.4.0-9.0.1.el8_4.2.x86_64.rpm
libsss_nss_idmap-devel-2.4.0-9.0.1.el8_4.2.i686.rpm
libsss_nss_idmap-devel-2.4.0-9.0.1.el8_4.2.x86_64.rpm

aarch64:
libipa_hbac-2.4.0-9.0.1.el8_4.2.aarch64.rpm
libsss_autofs-2.4.0-9.0.1.el8_4.2.aarch64.rpm
libsss_certmap-2.4.0-9.0.1.el8_4.2.aarch64.rpm
libsss_idmap-2.4.0-9.0.1.el8_4.2.aarch64.rpm
libsss_nss_idmap-2.4.0-9.0.1.el8_4.2.aarch64.rpm
libsss_simpleifp-2.4.0-9.0.1.el8_4.2.aarch64.rpm
libsss_sudo-2.4.0-9.0.1.el8_4.2.aarch64.rpm
python3-libipa_hbac-2.4.0-9.0.1.el8_4.2.aarch64.rpm
python3-libsss_nss_idmap-2.4.0-9.0.1.el8_4.2.aarch64.rpm
python3-sss-2.4.0-9.0.1.el8_4.2.aarch64.rpm
python3-sss-murmur-2.4.0-9.0.1.el8_4.2.aarch64.rpm
python3-sssdconfig-2.4.0-9.0.1.el8_4.2.noarch.rpm
sssd-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-ad-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-client-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-common-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-common-pac-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-dbus-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-ipa-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-kcm-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-krb5-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-krb5-common-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-ldap-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-libwbclient-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-nfs-idmap-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-polkit-rules-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-proxy-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-tools-2.4.0-9.0.1.el8_4.2.aarch64.rpm
sssd-winbind-idmap-2.4.0-9.0.1.el8_4.2.aarch64.rpm
libsss_nss_idmap-devel-2.4.0-9.0.1.el8_4.2.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/sssd-2.4.0-9.0.1.el8_4.2.src.rpm

Related CVEs:

CVE-2021-3621



Description of changes:

[2.4.0-9.0.1]
- Restore default debug level for sss_cache [Orabug: 32810448]
- Restore default debug level for shadow-utils tools [Orabug: 32810448]
- Revert Redhat's change of disallowing duplicated incomplete gid
when "id_provider=ldap" is used, which caused regression in AD
environment. [Orabug: 29286774] [Doc ID 2605732.1]

[2.4.0-9.2]
- Resolves: rhbz#1985456 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8.4.0.z]