ELSA-2020-4670

ULN >
Oracle Linux Errata repository >
ELSA-2020-4670

ELSA-2020-4670 - idm:DL1 and idm:client security, bug fix, and enhancement update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2020-11-10

Description

bind-dyndb-ldap
[11.3-1]
- New upstream release
- Resolves: rhbz#1845211

ipa
[4.8.7-12.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]

[4.8.7-12]
- Require selinux sub package in the proper version
Related: RHBZ#1868432
- SELinux: do not double-define node_t and pki_tomcat_cert_t
Related: RHBZ#1868432
- SELinux: add dedicated policy for ipa-pki-retrieve-key + ipatests
Related: RHBZ#1868432
- dogtaginstance.py: add --debug to pkispawn
Resolves: RHBZ#1879604

[4.8.7-11]
- SELinux Policy: let custodia replicate keys
Resolves: RHBZ#1868432

[4.8.7-10]
- Set mode of /etc/ipa/ca.crt to 0644 in CA-less installations
Resolves: RHBZ#1870202

[4.8.7-9]
- CAless installation: set the perms on KDC cert file
Resolves: RHBZ#1863616
- EPN: handle empty attributes
Resolves: RHBZ#1866938
- IPA-EPN: enhance input validation
Resolves: RHBZ#1866291
- EPN: enhance input validation
Resolves: RHBZ#1863079
- Require new samba build 4.12.3-52
Related: RHBZ#1868558
- Require new selinux-policy build 3.14.3-52
Related: RHBZ#1869311

[4.8.7-8]
- [WebUI] IPA Error 3007: RequirmentError while adding members in
User ID overrides tab (updated)
Resolves: RHBZ#1757045
- ipa-client-install: use the authselect backup during uninstall
Resolves: RHBZ#1810179
- Replace SSLCertVerificationError with CertificateError for py36
Resolves: RHBZ#1858318
- Fix AVC denial during ipa-adtrust-install --add-agents
Resolves: RHBZ#1859213

[4.8.7-7]
- replica install failing with avc denial for custodia component
Resolves: RHBZ#1857157

[4.8.7-6]
- selinux dont audit rules deny fetching trust topology
Resolves: RHBZ#1845596
- fix iPAddress cert issuance for >1 host/service
Resolves: RHBZ#1846352
- Specify cert_paths when calling PKIConnection
Resolves: RHBZ#1849155
- Update crypto policy to allow AD-SUPPORT when installing IPA
Resolves: RHBZ#1851139
- Add version to ipa-idoverride-memberof obsoletes
Related: RHBZ#1846434

[4.8.7-5]
- Add missing ipa-selinux package
Resolves: RHBZ#1853263

[4.8.7-4]
- Remove client-epn left over files for ONLY_CLIENT
Related: RHBZ#1847999

[4.8.7-3]
- [WebUI] IPA Error 3007: RequirmentError while adding members in
User ID overrides tab
Resolves: RHBZ#1757045
- EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in
freeipa-client-epn
Resolves: RHBZ#1847999
- FreeIPA - Utilize 256-bit AJP connector passwords
Resolves: RHBZ#1849914
- ipa: typo issue in ipanthomedirectoryrive deffinition
Resolves: RHBZ#1851411

[4.8.7-2]
- Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7
Resolves: RHBZ#1846434

[4.8.7-1]
- Upstream release FreeIPA 4.8.7
- Require new samba build 4.12.3-0
Related: RHBZ#1818765
- New client-epn sub package
Resolves: RHBZ#913799

ipa-healthcheck
[0.4-6]
- The core subpackage can be installed standalone, drop the Requires
on the base package. (#1852244)
- Add Conflicts < 0.4 to to core to allow downgrading with
--allowerasing (#1852244)

[0.4-5]
- Remove the Obsoletes < 0.4 and add same-version Requires to each
subpackage so that upgrades from 0.3 will work (#1852244)

opendnssec
[2.1.6-2]
- Resolves: rhbz#1831732 AVC avc: denied { dac_override } for comm=ods-enforcerd

[2.1.6-1]
- Resolves: rhbz#1759888 Rebase OpenDNSSEC to 2.1

slapi-nis
[0.56.5-4]
- Ignore unmatched searches
- Resolves: rhbz#1874015

[0.56.5-3]
- Fix memory leaks in ID views processing
- Resolves: rhbz#1875348

[0.56.5-2]
- Initialize map lock in NIS plugin
- Resolves: rhbz#1832331

[0.56.5-1]
- Upstream release 0.56.5
- Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
- Resolves: rhbz#1768156: ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED

softhsm
[2.6.0-3]
- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
- Synchronize the final fix with Fedora

[2.6.0-2]
- Fixes: rhbz#1834909 - softhsm use-after-free on process exit

[2.6.0-1]
- Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+
- Fixes: rhbz#1701233 - support setting supported signature methods on the token

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	bind-dyndb-ldap-11.3-1.module+el8.3.0+7868+2151076c.src.rpm	eb7cafadd4ad4e92dcb153ca3eec3db0	-
	custodia-0.6.0-3.module+el8.3.0+7868+2151076c.src.rpm	ce165d1f99347a48974e368975876498	-
	ipa-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.src.rpm	0976262833b96bddcf57283bbaa31ab9	-
	ipa-healthcheck-0.4-6.module+el8.3.0+7868+2151076c.src.rpm	9d87bb27bb69cbb5a7edf1ff2eec6d53	-
	opendnssec-2.1.6-2.module+el8.3.0+7868+2151076c.src.rpm	38941ada38e7320a8ebf96c1c94d3f79	-
	python-jwcrypto-0.5.0-1.module+el8.3.0+7868+2151076c.src.rpm	c03dd588ca46ca7e4d717798dba5eeea	-
	python-kdcproxy-0.4-5.module+el8.3.0+7868+2151076c.src.rpm	621fc2180f1bbc11e09932666a8b327c	-
	python-qrcode-5.1-12.module+el8.3.0+7868+2151076c.src.rpm	69fae2d999939b44accf143de720d678	-
	python-yubico-1.3.2-9.module+el8.3.0+7868+2151076c.src.rpm	355e4650d8f0556d99bc45ec88f5eb9f	-
	pyusb-1.0.0-9.module+el8.3.0+7868+2151076c.src.rpm	45afb4f7819ad8661fa4d47da6770d48	-
	slapi-nis-0.56.5-4.module+el8.3.0+7868+2151076c.src.rpm	d60df2733736b4c3864c6b1094c987ec	-
	softhsm-2.6.0-3.module+el8.3.0+7868+2151076c.src.rpm	36f7ea9c6e88400096d957e9009a31ca	-
	bind-dyndb-ldap-11.3-1.module+el8.3.0+7868+2151076c.aarch64.rpm	d5b953030eb3f4b6b956f7158997c867	-
	custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm	c71fec64089a0ef4743723ef48be090d	-
	ipa-client-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.aarch64.rpm	4cc205965c3d74b6b71fdd6b8317ff04	-
	ipa-client-common-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	584f0e34a9f5fad59ed3e5c08b5a72c3	-
	ipa-client-epn-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.aarch64.rpm	c08f73b6019b5ba44392acc408e6fc46	-
	ipa-client-samba-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.aarch64.rpm	a08022e8a197778432444b71cac3903d	-
	ipa-common-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	a9df27e9ade26eab01a0e94241be8e55	-
	ipa-healthcheck-0.4-6.module+el8.3.0+7868+2151076c.noarch.rpm	21a4bfc174ded75c139bd22f7da5ecda	-
	ipa-healthcheck-core-0.4-6.module+el8.3.0+7868+2151076c.noarch.rpm	34857e1c26a70f2957e0921369f98a96	-
	ipa-python-compat-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	4087d6acd1e47883d029670208bea39c	-
	ipa-selinux-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	aa313d8f792ae2740e20d598dab25c4d	-
	ipa-server-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.aarch64.rpm	c1b1f1fc0c334cd11c6d8f5ff00b9bf4	-
	ipa-server-common-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	22e401e478dfb41b1238a0805d050626	-
	ipa-server-dns-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	1339865d61b8cd5fbc30973f562fe85f	-
	ipa-server-trust-ad-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.aarch64.rpm	36096d2d0a0e01797e3a7acc7a2c7aac	-
	opendnssec-2.1.6-2.module+el8.3.0+7868+2151076c.aarch64.rpm	d1051261735f3f9c7717db2c7e395ad8	-
	python3-custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm	e44c657b05036a1b704405808c2d9983	-
	python3-ipaclient-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	be1cbab16bbea200c758592323d37d6c	-
	python3-ipalib-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	1fa000412296a8e64957dc09864b6721	-
	python3-ipaserver-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	385798407a50d5f2ccd613aa2dad5942	-
	python3-jwcrypto-0.5.0-1.module+el8.3.0+7868+2151076c.noarch.rpm	f113ab263f16937553b3c6ddd33e5d98	-
	python3-kdcproxy-0.4-5.module+el8.3.0+7868+2151076c.noarch.rpm	a8cdc2e03473bcef4a80b606c34268c5	-
	python3-pyusb-1.0.0-9.module+el8.3.0+7868+2151076c.noarch.rpm	1b603a2aa27dffdc0a5a666e71f650f3	-
	python3-qrcode-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm	264feb369759327f3d402730c54a758f	-
	python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm	3c06d6ac2557026543269bc390f7e663	-
	python3-yubico-1.3.2-9.module+el8.3.0+7868+2151076c.noarch.rpm	092a483f3db5ac9047824e7e60653a94	-
	slapi-nis-0.56.5-4.module+el8.3.0+7868+2151076c.aarch64.rpm	64b3371e881cae45650bff4ddbfe8047	-
	softhsm-2.6.0-3.module+el8.3.0+7868+2151076c.aarch64.rpm	7f4f059bc7cb8e061d980b6990ab9e5b	-
	softhsm-devel-2.6.0-3.module+el8.3.0+7868+2151076c.aarch64.rpm	a81a092475d3b6090de395deb02425f0	-

Oracle Linux 8 (x86_64)	bind-dyndb-ldap-11.3-1.module+el8.3.0+7868+2151076c.src.rpm	eb7cafadd4ad4e92dcb153ca3eec3db0	-
	custodia-0.6.0-3.module+el8.3.0+7868+2151076c.src.rpm	ce165d1f99347a48974e368975876498	-
	ipa-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.src.rpm	0976262833b96bddcf57283bbaa31ab9	-
	ipa-healthcheck-0.4-6.module+el8.3.0+7868+2151076c.src.rpm	9d87bb27bb69cbb5a7edf1ff2eec6d53	-
	opendnssec-2.1.6-2.module+el8.3.0+7868+2151076c.src.rpm	38941ada38e7320a8ebf96c1c94d3f79	-
	python-jwcrypto-0.5.0-1.module+el8.3.0+7868+2151076c.src.rpm	c03dd588ca46ca7e4d717798dba5eeea	-
	python-kdcproxy-0.4-5.module+el8.3.0+7868+2151076c.src.rpm	621fc2180f1bbc11e09932666a8b327c	-
	python-qrcode-5.1-12.module+el8.3.0+7868+2151076c.src.rpm	69fae2d999939b44accf143de720d678	-
	python-yubico-1.3.2-9.module+el8.3.0+7868+2151076c.src.rpm	355e4650d8f0556d99bc45ec88f5eb9f	-
	pyusb-1.0.0-9.module+el8.3.0+7868+2151076c.src.rpm	45afb4f7819ad8661fa4d47da6770d48	-
	slapi-nis-0.56.5-4.module+el8.3.0+7868+2151076c.src.rpm	d60df2733736b4c3864c6b1094c987ec	-
	softhsm-2.6.0-3.module+el8.3.0+7868+2151076c.src.rpm	36f7ea9c6e88400096d957e9009a31ca	-
	bind-dyndb-ldap-11.3-1.module+el8.3.0+7868+2151076c.x86_64.rpm	77fcb063e42f5e89faab40cf0cad7810	-
	custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm	c71fec64089a0ef4743723ef48be090d	-
	ipa-client-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64.rpm	38523e20cd056eb2889e5757e5e736cb	-
	ipa-client-common-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	584f0e34a9f5fad59ed3e5c08b5a72c3	-
	ipa-client-epn-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64.rpm	ae0ab5cba3c3fc9026b36a6fc9e45cf3	-
	ipa-client-samba-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64.rpm	5899834527e8a32ed17e1e4942e8d924	-
	ipa-common-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	a9df27e9ade26eab01a0e94241be8e55	-
	ipa-healthcheck-0.4-6.module+el8.3.0+7868+2151076c.noarch.rpm	21a4bfc174ded75c139bd22f7da5ecda	-
	ipa-healthcheck-core-0.4-6.module+el8.3.0+7868+2151076c.noarch.rpm	34857e1c26a70f2957e0921369f98a96	-
	ipa-python-compat-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	4087d6acd1e47883d029670208bea39c	-
	ipa-selinux-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	aa313d8f792ae2740e20d598dab25c4d	-
	ipa-server-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64.rpm	5bebf2c9a969433fb731fac3fab7c33c	-
	ipa-server-common-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	22e401e478dfb41b1238a0805d050626	-
	ipa-server-dns-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	1339865d61b8cd5fbc30973f562fe85f	-
	ipa-server-trust-ad-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.x86_64.rpm	6080c842cc45beeb049380e3afed41dd	-
	opendnssec-2.1.6-2.module+el8.3.0+7868+2151076c.x86_64.rpm	ac0c4b9cc128a02bf3dd0e546e51af71	-
	python3-custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm	e44c657b05036a1b704405808c2d9983	-
	python3-ipaclient-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	be1cbab16bbea200c758592323d37d6c	-
	python3-ipalib-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	1fa000412296a8e64957dc09864b6721	-
	python3-ipaserver-4.8.7-12.0.1.module+el8.3.0+7868+2151076c.noarch.rpm	385798407a50d5f2ccd613aa2dad5942	-
	python3-jwcrypto-0.5.0-1.module+el8.3.0+7868+2151076c.noarch.rpm	f113ab263f16937553b3c6ddd33e5d98	-
	python3-kdcproxy-0.4-5.module+el8.3.0+7868+2151076c.noarch.rpm	a8cdc2e03473bcef4a80b606c34268c5	-
	python3-pyusb-1.0.0-9.module+el8.3.0+7868+2151076c.noarch.rpm	1b603a2aa27dffdc0a5a666e71f650f3	-
	python3-qrcode-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm	264feb369759327f3d402730c54a758f	-
	python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm	3c06d6ac2557026543269bc390f7e663	-
	python3-yubico-1.3.2-9.module+el8.3.0+7868+2151076c.noarch.rpm	092a483f3db5ac9047824e7e60653a94	-
	slapi-nis-0.56.5-4.module+el8.3.0+7868+2151076c.x86_64.rpm	3d46e5afdf69af79bfd3aa36f5e8da6c	-
	softhsm-2.6.0-3.module+el8.3.0+7868+2151076c.x86_64.rpm	43de488010c88e41faaa0690733c2e06	-
	softhsm-devel-2.6.0-3.module+el8.3.0+7868+2151076c.x86_64.rpm	edabe1edd1f013fea75a3948a0cb3bc3	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691