The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3436 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3436-2                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                       Guilhem Moulin     May 31, 2023                                  https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : sssd     Version        : 1.16.3-3.2+deb10u2

    sssd 1.16.3-3.2+deb10u1 (DLA 3436-1) had a broken upgrade path from     version 1.16.3-3.2.

    One could upgrade sssd-common to 1.16.3-3.2+deb10u1 while leaving     libsss-certmap0 at 1.16.3-3.2; the version mismatch broke SSSD as the     the fix for CVE-2022-4254 introduces new symbols which are used in     sssd-common's sssd_pam.

    For Debian 10 buster, this problem has been fixed in version     1.16.3-3.2+deb10u2.  This version differs from 1.16.3-3.2+deb10u1 only     in package metadata.  (Bumping the minimum version for libsss-certmap0     in sssd-common's Depends: field ensures a safe upgrade path.)

    We recommend that you upgrade your sssd packages.

    For the detailed security status of sssd please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/sssd

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3436 : libipa-hbac-dev - security update

high Nessus Plugin ID 176457

Version 1.1