Re: [SECURITY] [DLA 3436-1] sssd security update
On Mon, May 29, 2023 at 03:43:53PM +0200, Guilhem Moulin wrote:
> Package : sssd
> Version : 1.16.3-3.2+deb10u1
> CVE ID : CVE-2018-16838 CVE-2019-3811 CVE-2021-3621 CVE-2022-4254
> Debian Bug : 919051 931432 992710
This update is broken. libsss-certmap.so.0 was changed in an
incompatible way (new symbols):
| +SSS_CERTMAP_0.2 {
| + global:
| + sss_certmap_expand_mapping_rule;
| +} SSS_CERTMAP_0.1;
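Review bot: the new SSS_CERTMAP_0.2 node exports sss_certmap_expand_mapping_rule, but nothing in this hunk records which package version first provides it. Anything linked against that symbol needs a versioned dependency on libsss-certmap0, so the library's symbols or shlibs data should state the minimum version alongside this change.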
But no proper dependency exists to pull in the new library:
| $ apt rdepends libsss-certmap0
| libsss-certmap0
| Reverse Depends:
| Depends: libsss-certmap-dev (= 1.16.3-3.2+deb10u1)
| Depends: sssd-common
This breaks of course with the "smallest step possible" upgrade mode of
unattended-upgrades.
Bastian
--
Where there's no emotion, there's no motive for violence.
-- Spock, "Dagger of the Mind", stardate 2715.1