RedHat: RHSA-2020-0378:01 Important: ipa security and bug fix update

    Date 04 Feb 2020
    Posted By LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: ipa security and bug fix update
    Advisory ID:       RHSA-2020:0378-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0378
    Issue date:        2020-02-04
    CVE Names:         CVE-2019-10195 CVE-2019-14867 
    =====================================================================
    
    1. Summary:
    
    An update for ipa is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
    Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
    Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
    Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
    Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
    Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
    
    3. Description:
    
    Red Hat Identity Management (IdM) is a centralized authentication, identity
    management, and authorization solution for both traditional and cloud-based
    enterprise environments.
    
    Security Fix(es):
    
    * ipa: Denial of service in IPA server due to wrong use of ber_scanf()
    (CVE-2019-14867)
    
    * ipa: Batch API logging user passwords to /var/log/httpd/error_log
    (CVE-2019-10195)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * Issue with adding multiple RHEL 7 IPA replica to RHEL 6 IPA master
    (BZ#1770728)
    
    * User incorrectly added to negative cache when backend is reconnecting to
    IPA service / timed out: error code 32 'No such object' (BZ#1773953)
    
    * After upgrade AD Trust Agents were removed from LDAP (BZ#1781153)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1726223 - CVE-2019-10195 ipa: Batch API logging user passwords to /var/log/httpd/error_log
    1766920 - CVE-2019-14867 ipa: Denial of service in IPA server due to wrong use of ber_scanf()
    1770728 - Issue with adding multiple RHEL 7 IPA replica to RHEL 6 IPA master [rhel-7.7.z]
    1781153 - After upgrade AD Trust Agents were removed from LDAP [rhel-7.7.z]
    
    6. Package List:
    
    Red Hat Enterprise Linux Client (v. 7):
    
    Source:
    ipa-4.6.5-11.el7_7.4.src.rpm
    
    noarch:
    ipa-client-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-python-compat-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaclient-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipalib-4.6.5-11.el7_7.4.noarch.rpm
    
    x86_64:
    ipa-client-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm
    
    Red Hat Enterprise Linux Client Optional (v. 7):
    
    noarch:
    ipa-server-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-server-dns-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaserver-4.6.5-11.el7_7.4.noarch.rpm
    
    x86_64:
    ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm
    
    Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    ipa-4.6.5-11.el7_7.4.src.rpm
    
    noarch:
    ipa-client-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-python-compat-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaclient-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipalib-4.6.5-11.el7_7.4.noarch.rpm
    
    x86_64:
    ipa-client-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm
    
    Red Hat Enterprise Linux ComputeNode Optional (v. 7):
    
    noarch:
    ipa-server-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-server-dns-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaserver-4.6.5-11.el7_7.4.noarch.rpm
    
    x86_64:
    ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm
    
    Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    ipa-4.6.5-11.el7_7.4.src.rpm
    
    noarch:
    ipa-client-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-python-compat-4.6.5-11.el7_7.4.noarch.rpm
    ipa-server-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-server-dns-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaclient-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipalib-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaserver-4.6.5-11.el7_7.4.noarch.rpm
    
    ppc64:
    ipa-client-4.6.5-11.el7_7.4.ppc64.rpm
    ipa-debuginfo-4.6.5-11.el7_7.4.ppc64.rpm
    
    ppc64le:
    ipa-client-4.6.5-11.el7_7.4.ppc64le.rpm
    ipa-debuginfo-4.6.5-11.el7_7.4.ppc64le.rpm
    
    s390x:
    ipa-client-4.6.5-11.el7_7.4.s390x.rpm
    ipa-debuginfo-4.6.5-11.el7_7.4.s390x.rpm
    
    x86_64:
    ipa-client-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm
    
    Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    ipa-4.6.5-11.el7_7.4.src.rpm
    
    noarch:
    ipa-client-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-python-compat-4.6.5-11.el7_7.4.noarch.rpm
    ipa-server-common-4.6.5-11.el7_7.4.noarch.rpm
    ipa-server-dns-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaclient-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipalib-4.6.5-11.el7_7.4.noarch.rpm
    python2-ipaserver-4.6.5-11.el7_7.4.noarch.rpm
    
    x86_64:
    ipa-client-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-4.6.5-11.el7_7.4.x86_64.rpm
    ipa-server-trust-ad-4.6.5-11.el7_7.4.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
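    A host-side check an administrator can run to find which of the ipa packages named in this advisory are still below the fixed build 4.6.5-11.el7_7.4. This is an added example, not part of the advisory or of Red Hat's tooling; it assumes the output of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'ipa*' 'python2-ipa*'` (sample output below is constructed) and uses a simplified rpmvercmp with no tilde/caret handling and no epoch comparison.

```python
import re

# Fixed version/release from the Package List section of RHSA-2020:0378.
FIXED_VERSION = "4.6.5"
FIXED_RELEASE = "11.el7_7.4"
ADVISORY_PACKAGES = {
    "ipa-client", "ipa-client-common", "ipa-common", "ipa-debuginfo",
    "ipa-python-compat", "ipa-server", "ipa-server-common", "ipa-server-dns",
    "ipa-server-trust-ad", "python2-ipaclient", "python2-ipalib", "python2-ipaserver",
}

# Constructed sample of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' ...` output.
SAMPLE_RPM_QUERY = """\
ipa-client 4.6.5 11.el7_7.3
ipa-client-common 4.6.5 11.el7_7.3
ipa-common 4.6.4 10.el7
ipa-server 4.6.5 11.el7_7.4
package ipa-server-trust-ad is not installed
"""


def rpmvercmp(a, b):
    """Simplified rpm version compare: split into digit/alpha segments,
    numeric segments compare as integers, alpha as strings, digits beat
    letters, and the longer string wins when all common segments match."""
    seg_a = re.findall(r"[0-9]+|[a-zA-Z]+", a)
    seg_b = re.findall(r"[0-9]+|[a-zA-Z]+", b)
    for x, y in zip(seg_a, seg_b):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def needs_update(version, release):
    """True when version-release sorts before the advisory's fixed build."""
    c = rpmvercmp(version, FIXED_VERSION)
    if c == 0:
        c = rpmvercmp(release, FIXED_RELEASE)
    return c < 0


def vulnerable_packages(rpm_query_output):
    """Return 'name-version-release' for installed advisory packages below the fix."""
    found = []
    for line in rpm_query_output.strip().splitlines():
        parts = line.split()
        if len(parts) != 3:  # skip 'package X is not installed' and similar
            continue
        name, version, release = parts
        if name in ADVISORY_PACKAGES and needs_update(version, release):
            found.append(f"{name}-{version}-{release}")
    return found
```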
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-10195
    https://access.redhat.com/security/cve/CVE-2019-14867
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
