Type: | SECURITY |
Severity: | MODERATE |
Release Date: | 2020-10-06 |
[4.6.8-5.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]
[4.6.8-5.el7]
- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp
- ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset
[4.6.8-4.el7]
- Resolves: #1842950 ipa-adtrust-install fails when replica is offline
- ipa-adtrust-install: avoid failure when replica is offline
- Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
- WebUI: Apply jQuery patch to fix htmlPrefilter issue
[4.6.8-3.el7]
- Resolves: #1834385 Man page syntax issue detected by rpminspect
- Man pages: fix syntax issues
- Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case
- Make check_required_principal() case-insensitive
- Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3
- ipa-advise: fallback to /usr/libexec/platform-python if python3 not found
- Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests
- Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1
- Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in objects prototype leading to denial of service or remote code execution or property injection
- Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1
[4.6.8-2.el7]
- Resolves: #1802408 CVE-2020-1722 ipa: No password length restriction leads to denial of service
- Add interactive prompt for the LDAP bind password to ipa-getkeytab
- CVE-2020-1722: prevent use of too long passwords
[4.6.8-1.el7]
- Resolves: #1819725 - Rebase IPA to latest 4.6.x version
- Resolves: #1817927 - host-add --password logs cleartext userpassword to Apache error log
- Resolves: #1817923 - IPA upgrade is failing with error 'Failed to get request: bus, object_path and dbus_interface must not be None.'
- Resolves: #1817922 - covscan memory leaks report
- Resolves: #1817919 - Enable compat tree to provide information about AD users and groups on trust agents
- Resolves: #1817918 - Secure tomcat AJP connector
- Resolves: #1817886 - ipa group-add-member: prevent adding IPA objects as external members
- Resolves: #1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd
[4.6.6-12.el7]
- Resolves: #1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6
- Resolves: #1404770 - ID Views: do not allow custom Views for the masters
- idviews: prevent applying to a master
- Resolves: #1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems
- install/updates: move external members past schema compat update
- Resolves: #1795890 - ipa-pkinit-manage enable fails on replica if it doesnt host the CA
- pkinit setup: fix regression on master install
- pkinit enable: use local dogtag only if host has CA
- Resolves: #1788907 - Renewed certs are not picked up by IPA CAs
- Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit
- Resolves: #1780548 - Man page ipa-cacert-manage does not display correctly on RHEL
- ipa-cacert-manage man page: fix indentation
- Resolves: #1782587 - add 'systemctl restart sssd' to warning message when adding trust agents to replicas
- adtrust.py: mention restarting sssd when adding trust agents
- Resolves: #1771356 - Default client configuration breaks ssh in FIPS mode
- Use default ssh host key algorithms
- Resolves: #1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client
- smartcard: make the ipa-advise script compatible with authselect/authconfig
- Resolves: #1758406 - KRA authentication fails when IPA CA has custom Subject DN
- upgrade: fix ipakra people entry 'description' attribute
- krainstance: set correct issuer DN in uid=ipakra entry
- Resolves: #1756568 - ipa-server-certinstall man page does not match built-in help
- ipa-server-certinstall manpage: add missing options
- Resolves: #1206690 - UPG not being enforced properly
- ipa user_add: do not check group if UPG is disabled
- Resolves: #1811982 - CVE-2018-14042 ipa: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip.
- Resolves: #1811978 - CVE-2018-14040 ipa: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
- Resolves: #1811972 - CVE-2016-10735 ipa: bootstrap: XSS in the data-target attribute
- Resolves: #1811969 -CVE-2018-20676 ipa: bootstrap: XSS in the tooltip data-viewport attribute
- Resolves: #1811966 - CVE-2018-20677 ipa: bootstrap: XSS in the affix configuration target property
- Resolves: #1811962 - CVE-2019-8331 ipa: bootstrap: XSS in the tooltip or popover data-template attribute
- Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1
- Resolves: #1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements
- WebUI: Fix notification area layout
- Resolves: #1545755 - ipa-replica-prepare should not update pki admin password
- Fix indentation levels
- ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN
- ipa-pwd-extop: dont check password policy for non-Kerberos account set by DM or a passsync manager
- Dont save password history on non-Kerberos accounts
CVE-2018-14040 |
CVE-2018-14042 |
CVE-2015-9251 |
CVE-2016-10735 |
CVE-2019-8331 |
CVE-2020-1722 |
CVE-2020-11022 |
CVE-2018-20676 |
CVE-2018-20677 |
CVE-2019-11358 |
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
Oracle Linux 7 (aarch64) | ipa-4.6.8-5.0.1.el7.src.rpm | 4abe7f75d7782fcfdc6ddc38dbaaa9b7 | ELBA-2021-1395 |
ipa-client-4.6.8-5.0.1.el7.aarch64.rpm | ea5651c65dad8281a36fcf1189869aee | ELBA-2021-1395 | |
ipa-client-common-4.6.8-5.0.1.el7.noarch.rpm | ff8f2bff61e5bd0954a5651950e3f285 | ELBA-2021-1395 | |
ipa-common-4.6.8-5.0.1.el7.noarch.rpm | 975fd2331bd114781976b6c7ede76a73 | ELBA-2021-1395 | |
ipa-python-compat-4.6.8-5.0.1.el7.noarch.rpm | 3f5c0d77933a8a61da3c04272c631119 | ELBA-2021-1395 | |
ipa-server-4.6.8-5.0.1.el7.aarch64.rpm | dbf9b7377753e94727018a3489281c38 | ELBA-2021-1395 | |
ipa-server-common-4.6.8-5.0.1.el7.noarch.rpm | faf689022ddf03e17038a7d0bf907c7c | ELBA-2021-1395 | |
ipa-server-dns-4.6.8-5.0.1.el7.noarch.rpm | 3028ecf4db9bf48bb6f32c15fa4a1c6d | ELBA-2021-1395 | |
ipa-server-trust-ad-4.6.8-5.0.1.el7.aarch64.rpm | f835935f4747146a24f9b8bcc9ab5030 | ELBA-2021-1395 | |
python2-ipaclient-4.6.8-5.0.1.el7.noarch.rpm | b203d19348544a07040cbf91d44e8b67 | ELBA-2021-1395 | |
python2-ipalib-4.6.8-5.0.1.el7.noarch.rpm | 2831668077ab28cc5175cff20dafaa3f | ELBA-2021-1395 | |
python2-ipaserver-4.6.8-5.0.1.el7.noarch.rpm | b818201633e280b5b117d3d61241e3ea | ELBA-2021-1395 | |
Oracle Linux 7 (x86_64) | ipa-4.6.8-5.0.1.el7.src.rpm | 4abe7f75d7782fcfdc6ddc38dbaaa9b7 | ELBA-2021-1395 |
ipa-client-4.6.8-5.0.1.el7.x86_64.rpm | 3126c19b92196441273bad249be8d5f4 | ELBA-2021-1395 | |
ipa-client-common-4.6.8-5.0.1.el7.noarch.rpm | ff8f2bff61e5bd0954a5651950e3f285 | ELBA-2021-1395 | |
ipa-common-4.6.8-5.0.1.el7.noarch.rpm | 975fd2331bd114781976b6c7ede76a73 | ELBA-2021-1395 | |
ipa-python-compat-4.6.8-5.0.1.el7.noarch.rpm | 3f5c0d77933a8a61da3c04272c631119 | ELBA-2021-1395 | |
ipa-server-4.6.8-5.0.1.el7.x86_64.rpm | 2067df7c37a0aea390f13f31b0b19dda | ELBA-2021-1395 | |
ipa-server-common-4.6.8-5.0.1.el7.noarch.rpm | faf689022ddf03e17038a7d0bf907c7c | ELBA-2021-1395 | |
ipa-server-dns-4.6.8-5.0.1.el7.noarch.rpm | 3028ecf4db9bf48bb6f32c15fa4a1c6d | ELBA-2021-1395 | |
ipa-server-trust-ad-4.6.8-5.0.1.el7.x86_64.rpm | 6038962c42450b51ed93874168060c86 | ELBA-2021-1395 | |
python2-ipaclient-4.6.8-5.0.1.el7.noarch.rpm | b203d19348544a07040cbf91d44e8b67 | ELBA-2021-1395 | |
python2-ipalib-4.6.8-5.0.1.el7.noarch.rpm | 2831668077ab28cc5175cff20dafaa3f | ELBA-2021-1395 | |
python2-ipaserver-4.6.8-5.0.1.el7.noarch.rpm | b818201633e280b5b117d3d61241e3ea | ELBA-2021-1395 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team