{"id":"USN-6156-2","summary":"sssd regression","details":"USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all\npackages ended up being upgraded at the same time, resulting in\nauthentication failures when the PAM module was being used.\n\nThis update fixes the problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that SSSD incorrrectly sanitized certificate data used in\n LDAP filters. When using this issue in combination with FreeIPA, a remote\n attacker could possibly use this issue to escalate privileges.\n","modified":"2026-04-22T10:35:55.702978Z","published":"2023-06-16T11:39:50Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6156-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/2023598"}],"affected":[{"package":{"name":"sssd","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/sssd@2.2.3-3ubuntu0.12?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.3-3ubuntu0.12"}]}],"versions":["2.2.0-4ubuntu1","2.2.2-1","2.2.2-1ubuntu1","2.2.3-1.1ubuntu1","2.2.3-2","2.2.3-3","2.2.3-3ubuntu0.1","2.2.3-3ubuntu0.2","2.2.3-3ubuntu0.3","2.2.3-3ubuntu0.4","2.2.3-3ubuntu0.6","2.2.3-3ubuntu0.7","2.2.3-3ubuntu0.8","2.2.3-3ubuntu0.9","2.2.3-3ubuntu0.10","2.2.3-3ubuntu0.11"],"ecosystem_specific":{"binaries":[{"binary_name":"libipa-hbac0","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libnss-sss","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libpam-sss","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libsss-certmap0","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libsss-idmap0","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libsss-nss-idmap0","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libsss-simpleifp0","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libsss-sudo","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"libwbclient-sssd","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"python3-libipa-hbac","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"python3-libsss-nss-idmap","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"python3-sss","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-ad","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-ad-common","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-common","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-dbus","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-ipa","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-kcm","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-krb5","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-krb5-common","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-ldap","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-proxy","binary_version":"2.2.3-3ubuntu0.12"},{"binary_name":"sssd-tools","binary_version":"2.2.3-3ubuntu0.12"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6156-2.json"}}],"schema_version":"1.7.5"}