CVE-2023-3758

Publication date 18 April 2024

Last updated 24 July 2024

Ubuntu priority

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sssd	24.10 oracular	Fixed 2.9.4-1.1ubuntu7
	24.04 LTS noble	Fixed 2.9.4-1.1ubuntu6.1
	23.10 mantic	Fixed 2.9.1-2ubuntu2.1
	22.04 LTS jammy	Fixed 2.6.3-1ubuntu3.3
	20.04 LTS focal	Fixed 2.2.3-3ubuntu0.13
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
sssd	Upstream: d7db797 Upstream: e1bfbc2 Upstream: f4ebe14

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-6836-1
SSSD vulnerability
17 June 2024

Other references

https://www.cve.org/CVERecord?id=CVE-2023-3758
https://github.com/SSSD/sssd/pull/7302
https://access.redhat.com/errata/RHSA-2024:1919
https://access.redhat.com/errata/RHSA-2024:1920
https://access.redhat.com/errata/RHSA-2024:1921
https://access.redhat.com/errata/RHSA-2024:1922
https://access.redhat.com/security/cve/CVE-2023-3758