{"id":"ALSA-2024:2571","summary":"Moderate: sssd security and bug fix update","details":"The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.\n\nSecurity Fix(es):\n\n* sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758)\n\nBug Fix(es):\n\n* socket leak (JIRA:AlmaLinux-22340)\n* Passkey cannot fall back to password (JIRA:AlmaLinux-28161)\n* sssd: Race condition during authorization leads to GPO policies functioning inconsistently (JIRA:AlmaLinux-27209)","modified":"2026-02-04T02:13:05.206835Z","published":"2024-04-30T00:00:00Z","related":["CVE-2023-3758"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2571"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-3758"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2223762"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2024-2571.html"}],"affected":[{"package":{"name":"libipa_hbac","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libipa_hbac"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"libsss_autofs","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libsss_autofs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"libsss_certmap","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libsss_certmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"libsss_idmap","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libsss_idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"libsss_nss_idmap","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libsss_nss_idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"libsss_nss_idmap-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libsss_nss_idmap-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"libsss_simpleifp","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libsss_simpleifp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"libsss_sudo","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/libsss_sudo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"python3-libipa_hbac","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3-libipa_hbac"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"python3-libsss_nss_idmap","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3-libsss_nss_idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"python3-sss","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3-sss"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"python3-sss-murmur","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3-sss-murmur"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"python3-sssdconfig","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3-sssdconfig"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-ad","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-ad"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-client","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-common","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-common-pac","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-common-pac"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-dbus","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-dbus"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-idp","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-idp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-ipa","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-ipa"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-kcm","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-kcm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-krb5","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-krb5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-krb5-common","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-krb5-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-ldap","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-ldap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-nfs-idmap","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-nfs-idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-passkey","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-passkey"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-polkit-rules","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-polkit-rules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-proxy","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-proxy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-tools","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}},{"package":{"name":"sssd-winbind-idmap","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/sssd-winbind-idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.el9_4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:2571.json"}}],"schema_version":"1.7.3"}