Описание
ELSA-2016-1797: ipa security update (MODERATE)
[3.0.0-50.el6.2]
- Resolves: #1351593 CVE-2016-5404 ipa: Insufficient privileges check in
certificate revocation
- cert-revoke: fix permission check bypass (CVE-2016-5404)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
ipa-admintools
3.0.0-50.el6_8.2
ipa-client
3.0.0-50.el6_8.2
ipa-python
3.0.0-50.el6_8.2
ipa-server
3.0.0-50.el6_8.2
ipa-server-selinux
3.0.0-50.el6_8.2
ipa-server-trust-ad
3.0.0-50.el6_8.2
Oracle Linux i686
ipa-admintools
3.0.0-50.el6_8.2
ipa-client
3.0.0-50.el6_8.2
ipa-python
3.0.0-50.el6_8.2
ipa-server
3.0.0-50.el6_8.2
ipa-server-selinux
3.0.0-50.el6_8.2
ipa-server-trust-ad
3.0.0-50.el6_8.2
Oracle Linux sparc64
ipa-admintools
3.0.0-50.el6_8.2
ipa-client
3.0.0-50.el6_8.2
ipa-python
3.0.0-50.el6_8.2
Oracle Linux 7
Oracle Linux x86_64
ipa-admintools
4.2.0-15.0.1.el7_2.19
ipa-client
4.2.0-15.0.1.el7_2.19
ipa-python
4.2.0-15.0.1.el7_2.19
ipa-server
4.2.0-15.0.1.el7_2.19
ipa-server-dns
4.2.0-15.0.1.el7_2.19
ipa-server-trust-ad
4.2.0-15.0.1.el7_2.19
Связанные CVE
Связанные уязвимости
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
The cert_revoke command in FreeIPA does not check for the "revoke cert ...
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.