Package "sssd-ldap"

Name: sssd-ldap


System Security Services Daemon -- LDAP back end

Latest version: 2.4.0-1ubuntu6.1
Release: hirsute (21.04)
Level: security
Repository: main
Head package: sssd
Homepage: https://github.com/SSSD/sssd


Download "sssd-ldap"

Other versions of "sssd-ldap" in Hirsute

Repository Area Version
base main 2.4.0-1ubuntu6
updates main 2.4.0-1ubuntu6.1


Version: 2.4.0-1ubuntu6.1 2021-09-08 13:07:00 UTC

  sssd (2.4.0-1ubuntu6.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: shell command injection in sssctl comment
    - debian/patches/CVE-2021-3621.patch: replace system() with execvp() to
      avoid execution of user supplied command in
      src/tools/sssctl/sssctl.c, src/tools/sssctl/sssctl.h,
      src/tools/sssctl/sssctl_data.c, src/tools/sssctl/sssctl_logs.c.
    - CVE-2021-3621

 -- Marc Deslauriers <email address hidden> Wed, 18 Aug 2021 08:15:26 -0400

CVE-2021-3621 shell command injection in sssctl

About   -   Send Feedback to @ubuntu_updates