Ubuntu alert USN-8355-1 (sssd)
| From: | noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8355-1] SSSD vulnerability | |
| Date: | Mon, 01 Jun 2026 18:06:47 +0000 | |
| Message-ID: | <E1wU72F-0000O0-7W@lists.ubuntu.com> | |
| Cc: | noreply+usn-bot@canonical.com |
========================================================================== Ubuntu Security Notice USN-8355-1 June 01, 2026 sssd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: SSSD could be made to crash if it received specially crafted input. Software Description: - sssd: System Security Services Daemon Details: It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS sssd 2.12.0-1ubuntu5.1 Ubuntu 25.10 sssd 2.10.1-2ubuntu5.2 Ubuntu 24.04 LTS sssd 2.9.4-1.1ubuntu6.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8355-1 CVE-2026-6245 Package Information: https://launchpad.net/ubuntu/+source/sssd/2.12.0-1ubuntu5.1 https://launchpad.net/ubuntu/+source/sssd/2.10.1-2ubuntu5.2 https://launchpad.net/ubuntu/+source/sssd/2.9.4-1.1ubuntu6.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmodx6UACgkQcpJm3tlz hgHbfg//XXFqqc9SUDSRvHBo5PgwifL+nbrN/4lD56lG8YgKKFS1yG5v9gGp1k8v 2j9TWmZO0DkK+GTCjwtFu1dH/9Zeq3V7qLVSquT7NtlTOnE4fpiqCwteLaYVH01n nsXX4HPld2mrxt3J7lrF9J0f9M5mkCKsAKxCwcRF2OtMO436WewWC948/bwiw9wD GClV3NaopYeLaoe02P+y49aDzADmzmxs0Bs3NOr0i7JKztZ9VM+9vXPH/j4SPQWf 12tRbOpJmmkittw3nB2Ayd88kOQppZGp7kuYu+2YruathWaltUPV7nC12ffsgD9Q KnB8Ihv7rOg+yhsLZa0K+iBRyzEeGKinuWMw2lJ3iYVBGRC4c/mt1pWma7Vca1iQ QHptWf/KEetN9y6369hm2JVWppE/4497GiefJJ1iBj43g/v/UcA/gnM3Y3ip6wg/ nF+JlcShS4899i3fhD7lfzEJsGmUc50MBHMOfZJZ95Y/aVU5QslgSRdLRc+fUxbY JHGsuKN0OTbkfLFQCiYMDE7JdQxzfKJ9yBO6jYU5zvdSNxhhwQRuSjxBV9mHRVeW cqSRaWU6FyEUoZoMfnTblvALMzQXdNM2eOVUIU66T3BZg4RnGd0WEE4YKR2hIEq+ ON4+wrTJQ/itowp5zAPqLo/GpfcZ0TIybk17kaPO61SlTmoi4hY= =Tlg6 -----END PGP SIGNATURE-----