CVE-2026-6245 · cross-distro fix matrix

CVE-2026-6245: It was discovered that SSSD did not properly handle raw bytes in the PAM

Affects 2 Linux releases across 50 (distro × package) combinations. First disclosed: 2026-06-01.

Fix per ecosystem

Each block below is a distro release where CVE-2026-6245 has a known fix. Run the listed command on that distro to remediate.

Ubuntu noble

Source: Ubuntu USN

  • sssd → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd
  • libipa-hbac-dev → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libipa-hbac-dev
  • libipa-hbac0t64 → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libipa-hbac0t64
  • libnss-sss → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libnss-sss
  • libpam-sss → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libpam-sss
  • libsss-certmap-dev → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-certmap-dev
  • libsss-certmap0 → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-certmap0
  • libsss-idmap-dev → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-idmap-dev
  • libsss-idmap0 → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-idmap0
  • libsss-nss-idmap-dev → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-nss-idmap-dev
  • libsss-nss-idmap0 → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-nss-idmap0
  • libsss-sudo → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-sudo
  • python3-libipa-hbac → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y python3-libipa-hbac
  • python3-libsss-nss-idmap → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y python3-libsss-nss-idmap
  • python3-sss → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y python3-sss
  • sssd-ad → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-ad
  • sssd-ad-common → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-ad-common
  • sssd-common → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-common
  • sssd-dbus → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-dbus
  • sssd-idp → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-idp
  • sssd-ipa → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-ipa
  • sssd-kcm → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-kcm
  • sssd-krb5 → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-krb5
  • sssd-krb5-common → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-krb5-common
  • sssd-ldap → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-ldap
  • sssd-passkey → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-passkey
  • sssd-proxy → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-proxy
  • sssd-tools → fixed in 2.9.4-1.1ubuntu6.5 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-tools

Ubuntu questing

Source: Ubuntu USN

  • sssd → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd
  • libipa-hbac-dev → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libipa-hbac-dev
  • libipa-hbac0t64 → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libipa-hbac0t64
  • libnss-sss → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libnss-sss
  • libpam-sss → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libpam-sss
  • libsss-certmap-dev → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-certmap-dev
  • libsss-certmap0 → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-certmap0
  • libsss-idmap-dev → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-idmap-dev
  • libsss-idmap0 → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-idmap0
  • libsss-nss-idmap-dev → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-nss-idmap-dev
  • libsss-nss-idmap0 → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-nss-idmap0
  • libsss-sudo → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y libsss-sudo
  • python3-libipa-hbac → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y python3-libipa-hbac
  • python3-libsss-nss-idmap → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y python3-libsss-nss-idmap
  • python3-sss → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y python3-sss
  • sssd-ad → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-ad
  • sssd-ad-common → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-ad-common
  • sssd-common → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-common
  • sssd-dbus → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-dbus
  • sssd-idp → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-idp
  • sssd-ipa → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-ipa
  • sssd-kcm → fixed in 2.10.1-2ubuntu5.2 (USN-8355-1)
    sudo apt-get install --only-upgrade -y sssd-kcm

Are YOU affected by CVE-2026-6245?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash