Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat: RHSA-2013:0528-02 Low: ipa Security Issue Details

red hat
Calendar Grey February 21, 2013
Dist Redhat Esm H88
Fedora publishes updates concerning security vulnerabilities, issue resolutions, and improvements. Installation suggested!
Updated ipa packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

Summary

Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments.
It was found that the current default configuration of IPA servers did not publish correct CRLs (Certificate Revocation Lists). The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica. (CVE-2012-4546)
These updated ipa packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.
Users are advised to upgrade to these updated ipa packages, which fix these issues and add these enhancements.

Topics%20covered

Topics Covered

security advisory security issue Red Hat bug fix low severity update recommendation ipa

References

https://access.redhat.com/security/cve/CVE-2012-4546 https://access.redhat.com/security/updates/classification#low https://access.redhat.com/solutions/295843

Package List

Red Hat Enterprise Linux Desktop (v. 6):
Source:
i386: ipa-client-3.0.0-25.el6.i686.rpm ipa-debuginfo-3.0.0-25.el6.i686.rpm ipa-python-3.0.0-25.el6.i686.rpm
x86_64: ipa-client-3.0.0-25.el6.x86_64.rpm ipa-debuginfo-3.0.0-25.el6.x86_64.rpm ipa-python-3.0.0-25.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
i386: ipa-admintools-3.0.0-25.el6.i686.rpm ipa-debuginfo-3.0.0-25.el6.i686.rpm ipa-server-3.0.0-25.el6.i686.rpm ipa-server-selinux-3.0.0-25.el6.i686.rpm ipa-server-trust-ad-3.0.0-25.el6.i686.rpm
x86_64: ipa-admintools-3.0.0-25.el6.x86_64.rpm ipa-debuginfo-3.0.0-25.el6.x86_64.rpm ipa-server-3.0.0-25.el6.x86_64.rpm ipa-server-selinux-3.0.0-25.el6.x86_64.rpm ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
x86_64: ipa-client-3.0.0-25.el6.x86_64.rpm ipa-debuginfo-3.0.0-25.el6.x86_64.rpm ipa-python-3.0.0-25.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
x86_64: ipa-admintools-3.0.0-25.el6.x86_64.rpm ipa-debuginfo-3.0.0-25.el6.x86_64.rpm ipa-server-3.0.0-25.el6.x86_64.rpm ipa-server-selinux-3.0.0-25.el6.x86_64.rpm ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
i386: ipa-admintools-3.0.0-25.el6.i686.rpm ipa-client-3.0.0-25.el6.i686.rpm

Read the Full Advisory


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2013:0528-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:0528.html
Issue date: 2013-02-21

Topic

Updated ipa packages that fix one security issue, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat bug fix low severity update recommendation ipa

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64

Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

Bugs Fixed

748987 - If master has leftover replica agreement from a previous failed attempt, next replica install can fail

766095 - [RFE] UI for SELinux user mapping

767723 - [RFE] Implement ipa web GUI to create trusts

768510 - migrate-ds : misleading error message when invalid objectclass defined

773490 - dns discovery domain needs to be added to sssd.conf

781208 - ipa user-find --manager does not find matches

782847 - ipa permission-mod prompts for all parameters782981 - [RFE] Form based auth page needs to support password changes too

783274 - [RFE] Create NIS map for ethers table

784378 - Run CLEANRUV task when completely deleting a replica

784621 - [ipa webui] Reset password link is enabled for a user without permission to change it

785251 - ipa permisison-find --name brings back all permissions

785254 - ipa permission-find --subtree brings back all permissions

785257 - ipa permission-find --sizelimit is disregarded

786199 - [RFE] CLI session support (Store session cookie in ccache for cli users)

796390 - ipa netgroup-add with both --desc and --addattr=description returns internal error

798355 - Fill DNS update policy by default

798363 - [RFE] add in UI of "create password policy" measurement unit examples

798365 - defect: add in UI of "policy" -> "kerberos ticket policy" measurement unit examples

798493 - adding reverse zones in gui fails to create correct zone

801931 - [RFE] Expand current 'update dns entries' permission to be per-domain level?

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here