Fedora 40: FEDORA-2024-2a466c6514 Critical: FreeIPA User Access Breach
fedora
June 27, 2024
Fix CVE-2024-2698 and CVE-2024-3183
Summary
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
Update Information:
Fix CVE-2024-2698 and CVE-2024-3183
Change Log
* Tue Jun 11 2024 Julien Rische
References
[ 1 ] Bug #2291164 - CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2291164
[ 2 ] Bug #2291165 - CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2291165
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2a466c6514' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: freeipa
Product: Fedora 40
Version: 4.12.1
Release: 1.fc40
Summary: The Identity, Policy and Audit system
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!