ELSA-2020-3936

ELSA-2020-3936 - ipa security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2020-10-06

Description


[4.6.8-5.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

[4.6.8-5.el7]
- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp
- ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset

[4.6.8-4.el7]
- Resolves: #1842950 ipa-adtrust-install fails when replica is offline
- ipa-adtrust-install: avoid failure when replica is offline
- Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
- WebUI: Apply jQuery patch to fix htmlPrefilter issue

[4.6.8-3.el7]
- Resolves: #1834385 Man page syntax issue detected by rpminspect
- Man pages: fix syntax issues
- Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case
- Make check_required_principal() case-insensitive
- Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3
- ipa-advise: fallback to /usr/libexec/platform-python if python3 not found
- Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests
- Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1
- Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in objects prototype leading to denial of service or remote code execution or property injection
- Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1

[4.6.8-2.el7]
- Resolves: #1802408 CVE-2020-1722 ipa: No password length restriction leads to denial of service
- Add interactive prompt for the LDAP bind password to ipa-getkeytab
- CVE-2020-1722: prevent use of too long passwords

[4.6.8-1.el7]
- Resolves: #1819725 - Rebase IPA to latest 4.6.x version
- Resolves: #1817927 - host-add --password logs cleartext userpassword to Apache error log
- Resolves: #1817923 - IPA upgrade is failing with error 'Failed to get request: bus, object_path and dbus_interface must not be None.'
- Resolves: #1817922 - covscan memory leaks report
- Resolves: #1817919 - Enable compat tree to provide information about AD users and groups on trust agents
- Resolves: #1817918 - Secure tomcat AJP connector
- Resolves: #1817886 - ipa group-add-member: prevent adding IPA objects as external members
- Resolves: #1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd

[4.6.6-12.el7]
- Resolves: #1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6
- Resolves: #1404770 - ID Views: do not allow custom Views for the masters
- idviews: prevent applying to a master
- Resolves: #1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems
- install/updates: move external members past schema compat update
- Resolves: #1795890 - ipa-pkinit-manage enable fails on replica if it doesn't host the CA
- pkinit setup: fix regression on master install
- pkinit enable: use local dogtag only if host has CA
- Resolves: #1788907 - Renewed certs are not picked up by IPA CAs
- Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit
- Resolves: #1780548 - Man page ipa-cacert-manage does not display correctly on RHEL
- ipa-cacert-manage man page: fix indentation
- Resolves: #1782587 - add 'systemctl restart sssd' to warning message when adding trust agents to replicas
- adtrust.py: mention restarting sssd when adding trust agents
- Resolves: #1771356 - Default client configuration breaks ssh in FIPS mode
- Use default ssh host key algorithms
- Resolves: #1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client
- smartcard: make the ipa-advise script compatible with authselect/authconfig
- Resolves: #1758406 - KRA authentication fails when IPA CA has custom Subject DN
- upgrade: fix ipakra people entry 'description' attribute
- krainstance: set correct issuer DN in uid=ipakra entry
- Resolves: #1756568 - ipa-server-certinstall man page does not match built-in help
- ipa-server-certinstall manpage: add missing options
- Resolves: #1206690 - UPG not being enforced properly
- ipa user_add: do not check group if UPG is disabled
- Resolves: #1811982 - CVE-2018-14042 ipa: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip.
- Resolves: #1811978 - CVE-2018-14040 ipa: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
- Resolves: #1811972 - CVE-2016-10735 ipa: bootstrap: XSS in the data-target attribute
- Resolves: #1811969 - CVE-2018-20676 ipa: bootstrap: XSS in the tooltip data-viewport attribute
- Resolves: #1811966 - CVE-2018-20677 ipa: bootstrap: XSS in the affix configuration target property
- Resolves: #1811962 - CVE-2019-8331 ipa: bootstrap: XSS in the tooltip or popover data-template attribute
- Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
- Resolves: #1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements
- WebUI: Fix notification area layout
- Resolves: #1545755 - ipa-replica-prepare should not update pki admin password
- Fix indentation levels
- ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN
- ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
- Don't save password history on non-Kerberos accounts


Related CVEs


CVE-2019-11358
CVE-2015-9251
CVE-2020-11022
CVE-2018-20677
CVE-2018-14042
CVE-2018-20676
CVE-2018-14040
CVE-2019-8331
CVE-2020-1722
CVE-2016-10735

Updated Packages


Release/Architecture  Filename  sha256  Superseded By Advisory  Channel Label

Oracle Linux 7 (aarch64)
ipa-4.6.8-5.0.1.el7.src.rpm  b51633daf23b25c2e3be7564dc06387e438793ee1d489ce17185b573164d3333  ELSA-2024-3760  ol7_aarch64_latest
ipa-4.6.8-5.0.1.el7.src.rpm  b51633daf23b25c2e3be7564dc06387e438793ee1d489ce17185b573164d3333  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-client-4.6.8-5.0.1.el7.aarch64.rpm  ba7c687e96ed55b19765b89c88ea2c1de48825e6af61b0c5c27de15aade6ac07  ELSA-2024-3760  ol7_aarch64_latest
ipa-client-4.6.8-5.0.1.el7.aarch64.rpm  ba7c687e96ed55b19765b89c88ea2c1de48825e6af61b0c5c27de15aade6ac07  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-client-common-4.6.8-5.0.1.el7.noarch.rpm  987d59e29d7d1a994461e9dedc682e9aa39b6ab344d44fb84935d1bf42f3d87a  ELSA-2024-3760  ol7_aarch64_latest
ipa-client-common-4.6.8-5.0.1.el7.noarch.rpm  987d59e29d7d1a994461e9dedc682e9aa39b6ab344d44fb84935d1bf42f3d87a  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-common-4.6.8-5.0.1.el7.noarch.rpm  6e62e37f9c08918ce5b1e08d6eda58782f3f224b7e919d27b85750825cec1f6b  ELSA-2024-3760  ol7_aarch64_latest
ipa-common-4.6.8-5.0.1.el7.noarch.rpm  6e62e37f9c08918ce5b1e08d6eda58782f3f224b7e919d27b85750825cec1f6b  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-python-compat-4.6.8-5.0.1.el7.noarch.rpm  e3a55d0ea4bbaad01ba5db45daa663ded7b88f4a00f92062bc4be01f073831b5  ELSA-2024-3760  ol7_aarch64_latest
ipa-python-compat-4.6.8-5.0.1.el7.noarch.rpm  e3a55d0ea4bbaad01ba5db45daa663ded7b88f4a00f92062bc4be01f073831b5  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-server-4.6.8-5.0.1.el7.aarch64.rpm  b6c4d661a00de8f346247374e94a69d113525187bd72ff6849c1a5c58b081350  ELSA-2024-3760  ol7_aarch64_latest
ipa-server-4.6.8-5.0.1.el7.aarch64.rpm  b6c4d661a00de8f346247374e94a69d113525187bd72ff6849c1a5c58b081350  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-server-common-4.6.8-5.0.1.el7.noarch.rpm  2e5e499877435935b62a5bbb2bb29eca11cd3ef487fa53c1ffe9322c847faa98  ELSA-2024-3760  ol7_aarch64_latest
ipa-server-common-4.6.8-5.0.1.el7.noarch.rpm  2e5e499877435935b62a5bbb2bb29eca11cd3ef487fa53c1ffe9322c847faa98  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-server-dns-4.6.8-5.0.1.el7.noarch.rpm  2e1383664969339adfb3c8e21d4728a440d3d1ed0865d0ddd2ebbdf0f3b20596  ELSA-2024-3760  ol7_aarch64_latest
ipa-server-dns-4.6.8-5.0.1.el7.noarch.rpm  2e1383664969339adfb3c8e21d4728a440d3d1ed0865d0ddd2ebbdf0f3b20596  ELSA-2024-3760  ol7_aarch64_u9_base
ipa-server-trust-ad-4.6.8-5.0.1.el7.aarch64.rpm  11b897edda5d7f78bca429e95a179de1c024cf119d88a425e8640e123adbc49f  ELSA-2024-3760  ol7_aarch64_latest
ipa-server-trust-ad-4.6.8-5.0.1.el7.aarch64.rpm  11b897edda5d7f78bca429e95a179de1c024cf119d88a425e8640e123adbc49f  ELSA-2024-3760  ol7_aarch64_u9_base
python2-ipaclient-4.6.8-5.0.1.el7.noarch.rpm  dec69f914d4c6bc7a768366b69c69fd27dd22e787f38ae2ddc0ca3695bd15ce1  ELSA-2024-3760  ol7_aarch64_latest
python2-ipaclient-4.6.8-5.0.1.el7.noarch.rpm  dec69f914d4c6bc7a768366b69c69fd27dd22e787f38ae2ddc0ca3695bd15ce1  ELSA-2024-3760  ol7_aarch64_u9_base
python2-ipalib-4.6.8-5.0.1.el7.noarch.rpm  32cee7397386c6b319352737344bd97d81a814d85451c6dfac9e6071d09f52d3  ELSA-2024-3760  ol7_aarch64_latest
python2-ipalib-4.6.8-5.0.1.el7.noarch.rpm  32cee7397386c6b319352737344bd97d81a814d85451c6dfac9e6071d09f52d3  ELSA-2024-3760  ol7_aarch64_u9_base
python2-ipaserver-4.6.8-5.0.1.el7.noarch.rpm  ca14c531dc1d1ae8199935b5373ef9369eb7ee9eea69fe74caf72d419f47f3e5  ELSA-2024-3760  ol7_aarch64_latest
python2-ipaserver-4.6.8-5.0.1.el7.noarch.rpm  ca14c531dc1d1ae8199935b5373ef9369eb7ee9eea69fe74caf72d419f47f3e5  ELSA-2024-3760  ol7_aarch64_u9_base

Oracle Linux 7 (x86_64)
ipa-4.6.8-5.0.1.el7.src.rpm  b51633daf23b25c2e3be7564dc06387e438793ee1d489ce17185b573164d3333  ELSA-2024-3760  ol7_x86_64_latest
ipa-4.6.8-5.0.1.el7.src.rpm  b51633daf23b25c2e3be7564dc06387e438793ee1d489ce17185b573164d3333  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-client-4.6.8-5.0.1.el7.x86_64.rpm  02542f7b5bd97260196acc935d401ba78c2ecb36279dc23af0db671baad9f1a5  ELSA-2024-3760  ol7_x86_64_latest
ipa-client-4.6.8-5.0.1.el7.x86_64.rpm  02542f7b5bd97260196acc935d401ba78c2ecb36279dc23af0db671baad9f1a5  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-client-common-4.6.8-5.0.1.el7.noarch.rpm  987d59e29d7d1a994461e9dedc682e9aa39b6ab344d44fb84935d1bf42f3d87a  ELSA-2024-3760  ol7_x86_64_latest
ipa-client-common-4.6.8-5.0.1.el7.noarch.rpm  987d59e29d7d1a994461e9dedc682e9aa39b6ab344d44fb84935d1bf42f3d87a  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-common-4.6.8-5.0.1.el7.noarch.rpm  6e62e37f9c08918ce5b1e08d6eda58782f3f224b7e919d27b85750825cec1f6b  ELSA-2024-3760  ol7_x86_64_latest
ipa-common-4.6.8-5.0.1.el7.noarch.rpm  6e62e37f9c08918ce5b1e08d6eda58782f3f224b7e919d27b85750825cec1f6b  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-python-compat-4.6.8-5.0.1.el7.noarch.rpm  e3a55d0ea4bbaad01ba5db45daa663ded7b88f4a00f92062bc4be01f073831b5  ELSA-2024-3760  ol7_x86_64_latest
ipa-python-compat-4.6.8-5.0.1.el7.noarch.rpm  e3a55d0ea4bbaad01ba5db45daa663ded7b88f4a00f92062bc4be01f073831b5  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-server-4.6.8-5.0.1.el7.x86_64.rpm  77096488d0d7436ce1dd82e73b7a4f41567a6ddbc238491510f550a4a62a4c86  ELSA-2024-3760  ol7_x86_64_latest
ipa-server-4.6.8-5.0.1.el7.x86_64.rpm  77096488d0d7436ce1dd82e73b7a4f41567a6ddbc238491510f550a4a62a4c86  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-server-common-4.6.8-5.0.1.el7.noarch.rpm  2e5e499877435935b62a5bbb2bb29eca11cd3ef487fa53c1ffe9322c847faa98  ELSA-2024-3760  ol7_x86_64_latest
ipa-server-common-4.6.8-5.0.1.el7.noarch.rpm  2e5e499877435935b62a5bbb2bb29eca11cd3ef487fa53c1ffe9322c847faa98  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-server-dns-4.6.8-5.0.1.el7.noarch.rpm  2e1383664969339adfb3c8e21d4728a440d3d1ed0865d0ddd2ebbdf0f3b20596  ELSA-2024-3760  ol7_x86_64_latest
ipa-server-dns-4.6.8-5.0.1.el7.noarch.rpm  2e1383664969339adfb3c8e21d4728a440d3d1ed0865d0ddd2ebbdf0f3b20596  ELSA-2024-3760  ol7_x86_64_u9_base
ipa-server-trust-ad-4.6.8-5.0.1.el7.x86_64.rpm  326d4e53ad876c80af69ef8b18ea20699e4f394a9c07b853638a5899cf29111c  ELSA-2024-3760  ol7_x86_64_latest
ipa-server-trust-ad-4.6.8-5.0.1.el7.x86_64.rpm  326d4e53ad876c80af69ef8b18ea20699e4f394a9c07b853638a5899cf29111c  ELSA-2024-3760  ol7_x86_64_u9_base
python2-ipaclient-4.6.8-5.0.1.el7.noarch.rpm  dec69f914d4c6bc7a768366b69c69fd27dd22e787f38ae2ddc0ca3695bd15ce1  ELSA-2024-3760  ol7_x86_64_latest
python2-ipaclient-4.6.8-5.0.1.el7.noarch.rpm  dec69f914d4c6bc7a768366b69c69fd27dd22e787f38ae2ddc0ca3695bd15ce1  ELSA-2024-3760  ol7_x86_64_u9_base
python2-ipalib-4.6.8-5.0.1.el7.noarch.rpm  32cee7397386c6b319352737344bd97d81a814d85451c6dfac9e6071d09f52d3  ELSA-2024-3760  ol7_x86_64_latest
python2-ipalib-4.6.8-5.0.1.el7.noarch.rpm  32cee7397386c6b319352737344bd97d81a814d85451c6dfac9e6071d09f52d3  ELSA-2024-3760  ol7_x86_64_u9_base
python2-ipaserver-4.6.8-5.0.1.el7.noarch.rpm  ca14c531dc1d1ae8199935b5373ef9369eb7ee9eea69fe74caf72d419f47f3e5  ELSA-2024-3760  ol7_x86_64_latest
python2-ipaserver-4.6.8-5.0.1.el7.noarch.rpm  ca14c531dc1d1ae8199935b5373ef9369eb7ee9eea69fe74caf72d419f47f3e5  ELSA-2024-3760  ol7_x86_64_u9_base



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.
