
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


Rocky Linux 9 RLSA-2024:3754 Important: ipa Authentication Fix

Important: ipa security update.

Name: RLSA-2024:3754
Short code: RL
Type: TYPE_SECURITY
Severity: SEVERITY_IMPORTANT
Synopsis: Important: ipa security update
Affected products: Rocky Linux 9
Published: 2024-06-14T14:00:35.848917Z
Reboot suggested: false

Topic:

An update is available for ipa.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Description:

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* freeipa: delegation rules allow a proxy service to impersonate any user to access another target service (CVE-2024-2698)

* freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force (CVE-2024-3183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:

* 2270353 (Red Hat): https://bugzilla.redhat.com/show_bug.cgi?id=2270353
* 2270685 (Red Hat): https://bugzilla.redhat.com/show_bug.cgi?id=2270685

CVEs:

* CVE-2024-2698 (MITRE): https://www.cve.org/CVERecord?id=CVE-2024-2698 (CVSS3 scoring vector: UNKNOWN, CVSS3 base score: UNKNOWN, CWE: UNKNOWN)
* CVE-2024-3183 (MITRE): https://www.cve.org/CVERecord?id=CVE-2024-3183 (CVSS3 scoring vector: UNKNOWN, CVSS3 base score: UNKNOWN, CWE: UNKNOWN)

RPMs (Rocky Linux 9):

ipa-0:4.11.0-15.el9_4.src.rpm
ipa-client-0:4.11.0-15.el9_4.aarch64.rpm
ipa-client-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-client-0:4.11.0-15.el9_4.s390x.rpm
ipa-client-0:4.11.0-15.el9_4.x86_64.rpm
ipa-client-common-0:4.11.0-15.el9_4.noarch.rpm
ipa-client-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm
ipa-client-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-client-debuginfo-0:4.11.0-15.el9_4.s390x.rpm
ipa-client-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm
ipa-client-epn-0:4.11.0-15.el9_4.aarch64.rpm
ipa-client-epn-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-client-epn-0:4.11.0-15.el9_4.s390x.rpm
ipa-client-epn-0:4.11.0-15.el9_4.x86_64.rpm
ipa-client-samba-0:4.11.0-15.el9_4.aarch64.rpm
ipa-client-samba-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-client-samba-0:4.11.0-15.el9_4.s390x.rpm
ipa-client-samba-0:4.11.0-15.el9_4.x86_64.rpm
ipa-common-0:4.11.0-15.el9_4.noarch.rpm
ipa-selinux-0:4.11.0-15.el9_4.noarch.rpm
ipa-server-0:4.11.0-15.el9_4.aarch64.rpm
ipa-server-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-server-0:4.11.0-15.el9_4.s390x.rpm
ipa-server-0:4.11.0-15.el9_4.x86_64.rpm
ipa-server-common-0:4.11.0-15.el9_4.noarch.rpm
ipa-server-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm
ipa-server-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-server-debuginfo-0:4.11.0-15.el9_4.s390x.rpm
ipa-server-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm
ipa-server-dns-0:4.11.0-15.el9_4.noarch.rpm
ipa-server-trust-ad-0:4.11.0-15.el9_4.aarch64.rpm
ipa-server-trust-ad-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-server-trust-ad-0:4.11.0-15.el9_4.s390x.rpm
ipa-server-trust-ad-0:4.11.0-15.el9_4.x86_64.rpm
ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm
ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm
ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.s390x.rpm
ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm
python3-ipaclient-0:4.11.0-15.el9_4.noarch.rpm
python3-ipalib-0:4.11.0-15.el9_4.noarch.rpm
python3-ipaserver-0:4.11.0-15.el9_4.noarch.rpm
python3-ipatests-0:4.11.0-15.el9_4.noarch.rpm

The latest ipa patch from Rocky Linux tackles security flaws affecting identity verification and user access. Rocky Linux Security Update, ipa Vulnerability Fix, Identity Management Improvements. Severity: Important. LinuxSecurity.com Team

Jun 14, 2024 Important Rocky Linux

Oracle Linux 9 ELSA-2024-0141 Moderate: CSRF Security Fix for IPA

Oracle Linux Security Advisory ELSA-2024-0141

https://linux.oracle.com/errata/ELSA-2024-0141.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipa-client-4.10.2-5.0.1.el9_3.x86_64.rpm
ipa-client-common-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-client-epn-4.10.2-5.0.1.el9_3.x86_64.rpm
ipa-client-samba-4.10.2-5.0.1.el9_3.x86_64.rpm
ipa-common-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-selinux-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-server-4.10.2-5.0.1.el9_3.x86_64.rpm
ipa-server-common-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-server-dns-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-server-trust-ad-4.10.2-5.0.1.el9_3.x86_64.rpm
python3-ipaclient-4.10.2-5.0.1.el9_3.noarch.rpm
python3-ipalib-4.10.2-5.0.1.el9_3.noarch.rpm
python3-ipaserver-4.10.2-5.0.1.el9_3.noarch.rpm
python3-ipatests-4.10.2-5.0.1.el9_3.noarch.rpm

aarch64:
ipa-client-4.10.2-5.0.1.el9_3.aarch64.rpm
ipa-client-common-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-client-epn-4.10.2-5.0.1.el9_3.aarch64.rpm
ipa-client-samba-4.10.2-5.0.1.el9_3.aarch64.rpm
ipa-common-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-selinux-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-server-4.10.2-5.0.1.el9_3.aarch64.rpm
ipa-server-common-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-server-dns-4.10.2-5.0.1.el9_3.noarch.rpm
ipa-server-trust-ad-4.10.2-5.0.1.el9_3.aarch64.rpm
python3-ipaclient-4.10.2-5.0.1.el9_3.noarch.rpm
python3-ipalib-4.10.2-5.0.1.el9_3.noarch.rpm
python3-ipaserver-4.10.2-5.0.1.el9_3.noarch.rpm
python3-ipatests-4.10.2-5.0.1.el9_3.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates//ipa-4.10.2-5.0.1.el9_3.src.rpm

Related CVEs:
CVE-2023-5455

Description of changes:

[4.10.2-5.0.1]
- Resolves: 2242828 Invalid CSRF protection (CVE-2023-5455)

El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

The Oracle Linux Security Bulletin ELSA-2024-0180 has been released, highlighting an essential kernel update focused on addressing critical buffer overflow flaws. Oracle Linux, IPA Client Update, Security Fix. LinuxSecurity.com Team

Jan 13, 2024 Oracle

Oracle Linux 7 ELSA-2024-0145 moderate: ipa security patch

Oracle Linux Security Advisory ELSA-2024-0145

https://linux.oracle.com/errata/ELSA-2024-0145.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
ipa-client-4.6.8-5.0.1.el7_9.16.aarch64.rpm
ipa-client-common-4.6.8-5.0.1.el7_9.16.noarch.rpm
ipa-common-4.6.8-5.0.1.el7_9.16.noarch.rpm
ipa-python-compat-4.6.8-5.0.1.el7_9.16.noarch.rpm
ipa-server-4.6.8-5.0.1.el7_9.16.aarch64.rpm
ipa-server-common-4.6.8-5.0.1.el7_9.16.noarch.rpm
ipa-server-dns-4.6.8-5.0.1.el7_9.16.noarch.rpm
ipa-server-trust-ad-4.6.8-5.0.1.el7_9.16.aarch64.rpm
python2-ipaclient-4.6.8-5.0.1.el7_9.16.noarch.rpm
python2-ipalib-4.6.8-5.0.1.el7_9.16.noarch.rpm
python2-ipaserver-4.6.8-5.0.1.el7_9.16.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//ipa-4.6.8-5.0.1.el7_9.16.src.rpm

Related CVEs:
CVE-2023-5455

Description of changes:

[4.6.8-5.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

[4.6.8-5.el7_9.16]
- Resolves: RHEL-12570 ipa: Invalid CSRF protection

El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

The Oracle Linux Security Notice ELSA-2024-0156 details the patch for the ipa security flaw along with pertinent updates. Oracle Linux Updates, IPA Security Update, ELSA Moderation. LinuxSecurity.com Team

Jan 13, 2024 Oracle

Oracle Linux 7 ELSA-2021-5195 Moderate Security Advisory

Oracle Linux Security Advisory ELSA-2021-5195

https://linux.oracle.com/errata/ELSA-2021-5195.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
ipa-client-4.6.8-5.0.1.el7_9.10.aarch64.rpm
ipa-client-common-4.6.8-5.0.1.el7_9.10.noarch.rpm
ipa-common-4.6.8-5.0.1.el7_9.10.noarch.rpm
ipa-python-compat-4.6.8-5.0.1.el7_9.10.noarch.rpm
ipa-server-4.6.8-5.0.1.el7_9.10.aarch64.rpm
ipa-server-common-4.6.8-5.0.1.el7_9.10.noarch.rpm
ipa-server-dns-4.6.8-5.0.1.el7_9.10.noarch.rpm
ipa-server-trust-ad-4.6.8-5.0.1.el7_9.10.aarch64.rpm
python2-ipaclient-4.6.8-5.0.1.el7_9.10.noarch.rpm
python2-ipalib-4.6.8-5.0.1.el7_9.10.noarch.rpm
python2-ipaserver-4.6.8-5.0.1.el7_9.10.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/ipa-4.6.8-5.0.1.el7_9.10.src.rpm

Related CVEs:
CVE-2020-25719

Description of changes:

[4.6.8-5.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

[4.6.8-5.el7_9.10]
- Resolves: 2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server
- Fix cert_request for KDC cert
- Resolves: 2021444 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
- SMB: switch IPA domain controller role

El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

The Oracle Linux Security Update ELSA-2021-5195 provides essential patches aimed at improving the security posture for users operating on Oracle Linux 7. Oracle Linux Updates, IPA Moderate Update, Security Advisory, Linux Security Patches. Severity: Important. LinuxSecurity.com Team

Dec 17, 2021 Important Oracle

Red Hat Enterprise Linux 7: RHSA-2021-5195-02 Moderate: ipa Security Fix

Red Hat Security Advisory

Synopsis: Moderate: ipa security and bug fix update
Advisory ID: RHSA-2021:5195-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5195
Issue date: 2021-12-16
CVE Names: CVE-2020-25719

1. Summary:

An update for ipa is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Security Fix(es):

* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server (BZ#2025848)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: ipa-4.6.8-5.el7_9.10.src.rpm

noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm

x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch: ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm

x86_64: ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v.
7): Source: ipa-4.6.8-5.el7_9.10.src.rpm noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): noarch: ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm x86_64: ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ipa-4.6.8-5.el7_9.10.src.rpm noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm ppc64: ipa-client-4.6.8-5.el7_9.10.ppc64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.ppc64.rpm ppc64le: ipa-client-4.6.8-5.el7_9.10.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7_9.10.ppc64le.rpm s390x: ipa-client-4.6.8-5.el7_9.10.s390x.rpm ipa-debuginfo-4.6.8-5.el7_9.10.s390x.rpm x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7):

Source: ipa-4.6.8-5.el7_9.10.src.rpm

noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm

x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25719
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

RHSA-announce mailing list

A recent update for Red Hat Enterprise Linux 7 has been released, targeting a moderate security vulnerability associated with samba. For more information, please refer to the details provided. ipa Update, Samba Fix, Red Hat Advisory, Linux Security Alert. LinuxSecurity.com Team

Dec 16, 2021 Red Hat

Red Hat Enterprise Linux 8.1 RHSA-2021-2027-01 Important: ipa DoS Threat

Red Hat Security Advisory

Synopsis: Important: ipa security update
Advisory ID: RHSA-2021:2027-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2027
Issue date: 2021-05-19
CVE Names: CVE-2021-3480

1. Summary:

An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1944640 - CVE-2021-3480 slapi-nis: NULL dereference (DoS) with specially crafted Binding DN

6.
Package List: Red Hat Enterprise Linux AppStream EUS (v.8.1): Source: bind-dyndb-ldap-11.1-14.module+el8.1.0+4098+f286395e.src.rpm custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm ipa-4.8.0-13.module+el8.1.0+4923+c6efe041.src.rpm ipa-healthcheck-0.3-4.module+el8.1.0+4098+f286395e.src.rpm ipa-idoverride-memberof-0.0.4-6.module+el8.1.0+4098+f286395e.src.rpm opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm python-kdcproxy-0.4-3.module+el8.1.0+4098+f286395e.src.rpm python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm slapi-nis-0.56.3-3.module+el8.1.0+10781+dffa5bca.src.rpm softhsm-2.4.0-2.module+el8.1.0+4098+f286395e.src.rpm aarch64: bind-dyndb-ldap-11.1-14.module+el8.1.0+4098+f286395e.aarch64.rpm bind-dyndb-ldap-debuginfo-11.1-14.module+el8.1.0+4098+f286395e.aarch64.rpm bind-dyndb-ldap-debugsource-11.1-14.module+el8.1.0+4098+f286395e.aarch64.rpm ipa-client-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-client-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-client-samba-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-debugsource-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-idoverride-memberof-plugin-0.0.4-6.module+el8.1.0+4098+f286395e.aarch64.rpm ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-server-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-server-trust-ad-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm ipa-server-trust-ad-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.aarch64.rpm opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.aarch64.rpm opendnssec-debuginfo-1.4.14-1.module+el8.1.0+4098+f286395e.aarch64.rpm opendnssec-debugsource-1.4.14-1.module+el8.1.0+4098+f286395e.aarch64.rpm 
slapi-nis-0.56.3-3.module+el8.1.0+10781+dffa5bca.aarch64.rpm slapi-nis-debuginfo-0.56.3-3.module+el8.1.0+10781+dffa5bca.aarch64.rpm slapi-nis-debugsource-0.56.3-3.module+el8.1.0+10781+dffa5bca.aarch64.rpm softhsm-2.4.0-2.module+el8.1.0+4098+f286395e.aarch64.rpm softhsm-debuginfo-2.4.0-2.module+el8.1.0+4098+f286395e.aarch64.rpm softhsm-debugsource-2.4.0-2.module+el8.1.0+4098+f286395e.aarch64.rpm softhsm-devel-2.4.0-2.module+el8.1.0+4098+f286395e.aarch64.rpm noarch: custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm ipa-client-common-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm ipa-common-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm ipa-healthcheck-0.3-4.module+el8.1.0+4098+f286395e.noarch.rpm ipa-python-compat-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm ipa-server-common-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm ipa-server-dns-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm python3-ipaclient-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm python3-ipalib-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm python3-ipaserver-4.8.0-13.module+el8.1.0+4923+c6efe041.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm python3-kdcproxy-0.4-3.module+el8.1.0+4098+f286395e.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm ppc64le: bind-dyndb-ldap-11.1-14.module+el8.1.0+4098+f286395e.ppc64le.rpm bind-dyndb-ldap-debuginfo-11.1-14.module+el8.1.0+4098+f286395e.ppc64le.rpm bind-dyndb-ldap-debugsource-11.1-14.module+el8.1.0+4098+f286395e.ppc64le.rpm ipa-client-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm ipa-client-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm ipa-client-samba-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm 
ipa-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm ipa-debugsource-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm ipa-idoverride-memberof-plugin-0.0.4-6.module+el8.1.0+4098+f286395e.ppc64le.rpm ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm ipa-server-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm ipa-server-trust-ad-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm ipa-server-trust-ad-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.ppc64le.rpm opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.ppc64le.rpm opendnssec-debuginfo-1.4.14-1.module+el8.1.0+4098+f286395e.ppc64le.rpm opendnssec-debugsource-1.4.14-1.module+el8.1.0+4098+f286395e.ppc64le.rpm slapi-nis-0.56.3-3.module+el8.1.0+10781+dffa5bca.ppc64le.rpm slapi-nis-debuginfo-0.56.3-3.module+el8.1.0+10781+dffa5bca.ppc64le.rpm slapi-nis-debugsource-0.56.3-3.module+el8.1.0+10781+dffa5bca.ppc64le.rpm softhsm-2.4.0-2.module+el8.1.0+4098+f286395e.ppc64le.rpm softhsm-debuginfo-2.4.0-2.module+el8.1.0+4098+f286395e.ppc64le.rpm softhsm-debugsource-2.4.0-2.module+el8.1.0+4098+f286395e.ppc64le.rpm softhsm-devel-2.4.0-2.module+el8.1.0+4098+f286395e.ppc64le.rpm s390x: bind-dyndb-ldap-11.1-14.module+el8.1.0+4098+f286395e.s390x.rpm bind-dyndb-ldap-debuginfo-11.1-14.module+el8.1.0+4098+f286395e.s390x.rpm bind-dyndb-ldap-debugsource-11.1-14.module+el8.1.0+4098+f286395e.s390x.rpm ipa-client-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm ipa-client-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm ipa-client-samba-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm ipa-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm ipa-debugsource-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm ipa-idoverride-memberof-plugin-0.0.4-6.module+el8.1.0+4098+f286395e.s390x.rpm ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm ipa-server-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm ipa-server-trust-ad-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm 
ipa-server-trust-ad-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.s390x.rpm opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.s390x.rpm opendnssec-debuginfo-1.4.14-1.module+el8.1.0+4098+f286395e.s390x.rpm opendnssec-debugsource-1.4.14-1.module+el8.1.0+4098+f286395e.s390x.rpm slapi-nis-0.56.3-3.module+el8.1.0+10781+dffa5bca.s390x.rpm slapi-nis-debuginfo-0.56.3-3.module+el8.1.0+10781+dffa5bca.s390x.rpm slapi-nis-debugsource-0.56.3-3.module+el8.1.0+10781+dffa5bca.s390x.rpm softhsm-2.4.0-2.module+el8.1.0+4098+f286395e.s390x.rpm softhsm-debuginfo-2.4.0-2.module+el8.1.0+4098+f286395e.s390x.rpm softhsm-debugsource-2.4.0-2.module+el8.1.0+4098+f286395e.s390x.rpm softhsm-devel-2.4.0-2.module+el8.1.0+4098+f286395e.s390x.rpm x86_64: bind-dyndb-ldap-11.1-14.module+el8.1.0+4098+f286395e.x86_64.rpm bind-dyndb-ldap-debuginfo-11.1-14.module+el8.1.0+4098+f286395e.x86_64.rpm bind-dyndb-ldap-debugsource-11.1-14.module+el8.1.0+4098+f286395e.x86_64.rpm ipa-client-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-client-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-client-samba-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-debugsource-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-idoverride-memberof-plugin-0.0.4-6.module+el8.1.0+4098+f286395e.x86_64.rpm ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-server-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-server-trust-ad-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm ipa-server-trust-ad-debuginfo-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64.rpm opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm opendnssec-debuginfo-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm opendnssec-debugsource-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm slapi-nis-0.56.3-3.module+el8.1.0+10781+dffa5bca.x86_64.rpm slapi-nis-debuginfo-0.56.3-3.module+el8.1.0+10781+dffa5bca.x86_64.rpm 
slapi-nis-debugsource-0.56.3-3.module+el8.1.0+10781+dffa5bca.x86_64.rpm softhsm-2.4.0-2.module+el8.1.0+4098+f286395e.x86_64.rpm softhsm-debuginfo-2.4.0-2.module+el8.1.0+4098+f286395e.x86_64.rpm softhsm-debugsource-2.4.0-2.module+el8.1.0+4098+f286395e.x86_64.rpm softhsm-devel-2.4.0-2.module+el8.1.0+4098+f286395e.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3480
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

A crucial cybersecurity patch has been released for Red Hat Enterprise Linux 8.1 Extended Update Support. Find out more. Red Hat security advisory, ipa update, Linux 8.1 security. Severity: Important. LinuxSecurity.com Team

May 19, 2021 Important Red Hat

Red Hat 6 RHSA-2015:1462-01 Moderate: ipa XSS Security Issues

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ipa security and bug fix update
Advisory ID:       RHSA-2015:1462-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1462.html
Issue date:        2015-07-22
Updated on:        2015-03-04
CVE Names:         CVE-2010-5312 CVE-2012-6662
====================================================================

1. Summary:

Updated ipa packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Two cross-site scripting (XSS) flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. (CVE-2010-5312, CVE-2012-6662)

Note: The IdM version provided by this update no longer uses jQuery.

Bug fixes:

* The ipa-server-install, ipa-replica-install, and ipa-client-install utilities are not supported on machines running in FIPS-140 mode. Previously, IdM did not warn users about this. Now, IdM does not allow running the utilities in FIPS-140 mode, and displays an explanatory message. (BZ#1131571)

* If an Active Directory (AD) server was specified or discovered automatically when running the ipa-client-install utility, the utility produced a traceback instead of informing the user that an IdM server is expected in this situation. Now, ipa-client-install detects the AD server and fails with an explanatory message. (BZ#1132261)

* When IdM servers were configured to require the TLS protocol version 1.1 (TLSv1.1) or later in the httpd server, the ipa utility failed. With this update, running ipa works as expected with TLSv1.1 or later. (BZ#1154687)

* In certain high-load environments, the Kerberos authentication step of the IdM client installer can fail. Previously, the entire client installation failed in this situation. This update modifies ipa-client-install to prefer the TCP protocol over the UDP protocol and to retry the authentication attempt in case of failure. (BZ#1161722)

* If ipa-client-install updated or created the /etc/nsswitch.conf file, the sudo utility could terminate unexpectedly with a segmentation fault. Now, ipa-client-install puts a new line character at the end of nsswitch.conf if it modifies the last line of the file, fixing this bug. (BZ#1185207)

* The ipa-client-automount utility failed with the "UNWILLING_TO_PERFORM" LDAP error when the nsslapd-minssf Red Hat Directory Server configuration parameter was set to "1". This update modifies ipa-client-automount to use encrypted connection for LDAP searches by default, and the utility now finishes successfully even with nsslapd-minssf specified. (BZ#1191040)

* If installing an IdM server failed after the Certificate Authority (CA) installation, the "ipa-server-install --uninstall" command did not perform a proper cleanup. After the user issued "ipa-server-install --uninstall" and then attempted to install the server again, the installation failed. Now, "ipa-server-install --uninstall" removes the CA-related files in the described situation, and ipa-server-install no longer fails with the mentioned error message. (BZ#1198160)

* Running ipa-client-install added the "sss" entry to the sudoers line in nsswitch.conf even if "sss" was already configured and the entry was present in the file. Duplicate "sss" then caused sudo to become unresponsive. Now, ipa-client-install no longer adds "sss" if it is already present in nsswitch.conf. (BZ#1198339)

* After running ipa-client-install, it was not possible to log in using SSH under certain circumstances. Now, ipa-client-install no longer corrupts the sshd_config file, and the sshd service can start as expected, and logging in using SSH works in the described situation. (BZ#1201454)

* An incorrect definition of the dc attribute in the /usr/share/ipa/05rfc2247.ldif file caused bogus error messages to be returned during migration. The attribute has been fixed, but the bug persists if the copy-schema-to-ca.py script was run on Red Hat Enterprise Linux 6.6 prior to running it on Red Hat Enterprise Linux 6.7. To work around this problem, manually copy /usr/share/ipa/schema/05rfc2247.ldif to /etc/dirsrv/slapd-PKI-IPA/schema/ and restart IdM. (BZ#1220788)

All ipa users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1132261 - ipa-client-install failing produces a traceback instead of useful error message
1146870 - ipa-client-install fails with "KerbTransport instance has no attribute '__conn'" traceback
1154687 - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server
1166041 - CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
1166064 - CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget
1185207 - ipa-client dont end new line character in /etc/nsswitch.conf
1198339 - ipa-client-install adds extra sss to sudoers in nsswitch.conf
1201454 - ipa breaks sshd config
1205660 - ipa-client rpm should require keyutils
1207649 - host certificate not issued to client during ipa-client-install
1220788 - request to backport ticket 3578 to RHEL6. Provoking migration to 7.1 issues.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

i386:
ipa-client-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-python-3.0.0-47.el6.i686.rpm

x86_64:
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
ipa-admintools-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-server-3.0.0-47.el6.i686.rpm
ipa-server-selinux-3.0.0-47.el6.i686.rpm
ipa-server-trust-ad-3.0.0-47.el6.i686.rpm

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

x86_64:
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

i386:
ipa-admintools-3.0.0-47.el6.i686.rpm
ipa-client-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-python-3.0.0-47.el6.i686.rpm
ipa-server-3.0.0-47.el6.i686.rpm
ipa-server-selinux-3.0.0-47.el6.i686.rpm
ipa-server-trust-ad-3.0.0-47.el6.i686.rpm

ppc64:
ipa-admintools-3.0.0-47.el6.ppc64.rpm
ipa-client-3.0.0-47.el6.ppc64.rpm
ipa-debuginfo-3.0.0-47.el6.ppc64.rpm
ipa-python-3.0.0-47.el6.ppc64.rpm

s390x:
ipa-admintools-3.0.0-47.el6.s390x.rpm
ipa-client-3.0.0-47.el6.s390x.rpm
ipa-debuginfo-3.0.0-47.el6.s390x.rpm
ipa-python-3.0.0-47.el6.s390x.rpm

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ipa-3.0.0-47.el6.src.rpm

i386:
ipa-admintools-3.0.0-47.el6.i686.rpm
ipa-client-3.0.0-47.el6.i686.rpm
ipa-debuginfo-3.0.0-47.el6.i686.rpm
ipa-python-3.0.0-47.el6.i686.rpm
ipa-server-3.0.0-47.el6.i686.rpm
ipa-server-selinux-3.0.0-47.el6.i686.rpm
ipa-server-trust-ad-3.0.0-47.el6.i686.rpm

x86_64:
ipa-admintools-3.0.0-47.el6.x86_64.rpm
ipa-client-3.0.0-47.el6.x86_64.rpm
ipa-debuginfo-3.0.0-47.el6.x86_64.rpm
ipa-python-3.0.0-47.el6.x86_64.rpm
ipa-server-3.0.0-47.el6.x86_64.rpm
ipa-server-selinux-3.0.0-47.el6.x86_64.rpm
ipa-server-trust-ad-3.0.0-47.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2010-5312
https://access.redhat.com/security/cve/CVE-2012-6662
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.

Canonical's Timely security update outlines kernel patches for critical vulnerabilities and enhancements for Ubuntu 20.04, reinforcing system integrity.

ipa Security, Red Hat Update, RHEL 6 Advisory, Moderate Security Fixes, XSS Vulnerability.

LinuxSecurity.com Team

Jul 22, 2015 Red Hat

Scientific Linux SL7.x SLSA-2015:0442-1 Moderate: ipa XSS Issue

Date: Wed, 25 Mar 2015 15:19:32 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: ipa on SL7.x x86_64
MIME-Version: 1.0

Synopsis: Moderate: ipa security, bug fix, and enhancement update
Advisory ID: SLSA-2015:0442-1
Issue Date: 2015-03-05
CVE Numbers: CVE-2010-5312 CVE-2012-6662
--

Two cross-site scripting (XSS) flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. (CVE-2010-5312, CVE-2012-6662)

Note: The IdM version provided by this update no longer uses jQuery.

* Added the "ipa-cacert-manage" command, which renews the Certification Authority (CA) file.

* Added the ID Views feature.

* IdM now supports using one-time password (OTP) authentication and allows gradual migration from proprietary OTP solutions to the IdM OTP solution.

* Added the "ipa-backup" and "ipa-restore" commands to allow manual backups.

* Added a solution for regulating access permissions to specific sections of the IdM server.

This update also fixes several bugs, including:

* Previously, when IdM servers were configured to require the Transport Layer Security protocol version 1.1 (TLSv1.1) or later in the httpd server, the "ipa" command-line utility failed. With this update, running "ipa" works as expected with TLSv1.1 or later.

In addition, this update adds multiple enhancements, including:

* The "ipa-getkeytab" utility can now optionally fetch existing keytabs from the KDC. Previously, retrieving an existing keytab was not supported, as the only option was to generate a new key.

* You can now create and manage a "." root zone on IdM servers. DNS queries sent to the IdM DNS server use this configured zone instead of the public zone.

* The IdM server web UI has been updated and is now based on the Patternfly framework, offering better responsiveness.

* A new user attribute now enables provisioning systems to add custom tags for user objects. The tags can be used for automember rules or for additional local interpretation.

* This update adds a new DNS zone type to ensure that forward and master zones are better separated. As a result, the IdM DNS interface complies with the forward zone semantics in BIND.

* This update adds a set of Apache modules that external applications can use to achieve tighter interaction with IdM beyond simple authentication.

* IdM supports configuring automember rules for automated assignment of users or hosts in respective groups according to their characteristics, such as the "userClass" or "departmentNumber" attributes. Previously, the rules could be applied only to new entries. This update allows applying the rules also to existing users or hosts.

* The extdom plug-in translates Security Identifiers (SIDs) of Active Directory (AD) users and groups to names and POSIX IDs. With this update, extdom returns the full member list for groups and the full list of group memberships for a user, the GECOS field, the home directory, as well as the login shell of a user. Also, an optional list of key-value pairs contains the SID of the requested object if the SID is available.
--

SL7 x86_64
ipa-client-4.1.0-18.sl7.x86_64.rpm
ipa-debuginfo-4.1.0-18.sl7.x86_64.rpm
ipa-python-4.1.0-18.sl7.x86_64.rpm
ipa-admintools-4.1.0-18.sl7.x86_64.rpm
ipa-server-4.1.0-18.sl7.x86_64.rpm
ipa-server-trust-ad-4.1.0-18.sl7.x86_64.rpm

- Scientific Linux Development Team

Recent ipa security patch resolves major XSS vulnerabilities in Scientific Linux, bolstering system robustness and security functionalities.

ipa Update, Scientific Linux Security, Cross-Site Scripting, Security Enhancements.

LinuxSecurity.com Team

Mar 25, 2015 Scientific Linux