Advisories » MGASA-2024-0176

Updated sssd packages fix security vulnerability

Publication date: 15 May 2024
Modification date: 15 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-3758

Description

A race condition flaw was found in sssd where the GPO policy is not
consistently applied for authenticated users. This may lead to improper
authorization issues, granting or denying access to resources
inappropriately. (CVE-2023-3758)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33203
• https://lwn.net/Articles/973070/
• https://lists.suse.com/pipermail/sle-updates/2024-May/035216.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3758

SRPMS

9/core

• sssd-2.8.2-2.1.mga9