openSUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: openSUSE-RU-2021:1315-1 Rating: moderate References: #1182058 #1182637 #1184289 #1187120 #1189492 #1190021 ECO-3493 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 5 fixes is now available. Description: This update for sssd fixes the following issues: - Fix a dependency loop by moving internal libraries to sssd-common package. (bsc#1182058) - Moved sssctl command from sssd to sssd-tools package. (bsc#1184289) - Create timestamp attribute in cache objects if missing. (bsc#1182637) - Fix watchdog not terminating tasks. (bsc#1187120) - Improve logs to record the reason why internal watchdog terminates. - Fixed security issue with sssd: shell command injection in sssctl. (CVE-2021-3621, bsc#1189492) - Fixes a segfault with newer libcares2 versions when the library fails to parse a dns name. (bsc#1190021) This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1315=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): libipa_hbac-devel-1.16.1-lp152.16.3.1 libipa_hbac0-1.16.1-lp152.16.3.1 libipa_hbac0-debuginfo-1.16.1-lp152.16.3.1 libnfsidmap-sss-1.16.1-lp152.16.3.1 libnfsidmap-sss-debuginfo-1.16.1-lp152.16.3.1 libsss_certmap-devel-1.16.1-lp152.16.3.1 libsss_certmap0-1.16.1-lp152.16.3.1 libsss_certmap0-debuginfo-1.16.1-lp152.16.3.1 libsss_idmap-devel-1.16.1-lp152.16.3.1 libsss_idmap0-1.16.1-lp152.16.3.1 libsss_idmap0-debuginfo-1.16.1-lp152.16.3.1 libsss_nss_idmap-devel-1.16.1-lp152.16.3.1 libsss_nss_idmap0-1.16.1-lp152.16.3.1 libsss_nss_idmap0-debuginfo-1.16.1-lp152.16.3.1 libsss_simpleifp-devel-1.16.1-lp152.16.3.1 libsss_simpleifp0-1.16.1-lp152.16.3.1 libsss_simpleifp0-debuginfo-1.16.1-lp152.16.3.1 python3-ipa_hbac-1.16.1-lp152.16.3.1 python3-ipa_hbac-debuginfo-1.16.1-lp152.16.3.1 python3-sss-murmur-1.16.1-lp152.16.3.1 python3-sss-murmur-debuginfo-1.16.1-lp152.16.3.1 python3-sss_nss_idmap-1.16.1-lp152.16.3.1 python3-sss_nss_idmap-debuginfo-1.16.1-lp152.16.3.1 python3-sssd-config-1.16.1-lp152.16.3.1 python3-sssd-config-debuginfo-1.16.1-lp152.16.3.1 sssd-1.16.1-lp152.16.3.1 sssd-ad-1.16.1-lp152.16.3.1 sssd-ad-debuginfo-1.16.1-lp152.16.3.1 sssd-common-1.16.1-lp152.16.3.1 sssd-common-debuginfo-1.16.1-lp152.16.3.1 sssd-dbus-1.16.1-lp152.16.3.1 sssd-dbus-debuginfo-1.16.1-lp152.16.3.1 sssd-debugsource-1.16.1-lp152.16.3.1 sssd-ipa-1.16.1-lp152.16.3.1 sssd-ipa-debuginfo-1.16.1-lp152.16.3.1 sssd-krb5-1.16.1-lp152.16.3.1 sssd-krb5-common-1.16.1-lp152.16.3.1 sssd-krb5-common-debuginfo-1.16.1-lp152.16.3.1 sssd-krb5-debuginfo-1.16.1-lp152.16.3.1 sssd-ldap-1.16.1-lp152.16.3.1 sssd-ldap-debuginfo-1.16.1-lp152.16.3.1 sssd-proxy-1.16.1-lp152.16.3.1 sssd-proxy-debuginfo-1.16.1-lp152.16.3.1 sssd-tools-1.16.1-lp152.16.3.1 sssd-tools-debuginfo-1.16.1-lp152.16.3.1 sssd-wbclient-1.16.1-lp152.16.3.1 sssd-wbclient-debuginfo-1.16.1-lp152.16.3.1 sssd-wbclient-devel-1.16.1-lp152.16.3.1 sssd-winbind-idmap-1.16.1-lp152.16.3.1 sssd-winbind-idmap-debuginfo-1.16.1-lp152.16.3.1 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1182637 https://bugzilla.suse.com/1184289 https://bugzilla.suse.com/1187120 https://bugzilla.suse.com/1189492 https://bugzilla.suse.com/1190021