Source: sssd Version: 2.12.0-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerabilities were published for sssd. CVE-2026-14474[0]: | A flaw was found in SSSD's LDAP sudo provider. When the | ldap_sudo_search_base option is not explicitly configured, SSSD | searches the entire LDAP directory tree for sudoRole objects. An | authenticated attacker with write access to any subtree can inject a | sudoRole object granting root-level sudo privileges on all SSSD- | enrolled hosts. CVE-2026-14476[1]: | A path traversal flaw was found in SSSD's AD GPO provider. The | ad_gpo_extract_smb_components() function does not sanitize .. | sequences in the gPCFileSysPath LDAP attribute, allowing an attacker | with AD GPO management access to write files outside the GPO cache | directory as root. On default RHEL configurations with SELinux | enforcing, this can be used to inject Kerberos configuration leading | to authentication bypass. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-14474 https://www.cve.org/CVERecord?id=CVE-2026-14474 [1] https://security-tracker.debian.org/tracker/CVE-2026-14476 https://www.cve.org/CVERecord?id=CVE-2026-14476 Please adjust the affected versions in the BTS as needed. Regards, Salvatore

