ELSA-2017-0388

Опубликовано: 02 мар. 2017

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2017-0388: ipa security and bug fix update (MODERATE)

[4.4.0-14.0.1.el7_3.6]

Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818]

[4.4.0-14.6]

Resolves: #1416488 replication race condition prevents IPA to install
- wait_for_entry: use only DN as parameter
- Wait until HTTPS principal entry is replicated to replica
- Use proper logging for error messages

[4.4.0-14.5]

Resolves: #1410760 ipa-ca-install fails on replica when IPA Master is installed without CA
- Set up DS TLS on replica in CA-less topology
Resolves: #1413137 CVE-2017-2590 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands
- ca: correctly authorise ca-del, ca-enable and ca-disable
Resolves: #1416481 IPA replica install fails with dirsrv errors.
- Do not configure PKI ajp redirection to use '::1'

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

ipa-admintools

4.4.0-14.0.1.el7_3.6

ipa-client

4.4.0-14.0.1.el7_3.6

ipa-client-common

4.4.0-14.0.1.el7_3.6

ipa-common

4.4.0-14.0.1.el7_3.6

ipa-python-compat

4.4.0-14.0.1.el7_3.6

ipa-server

4.4.0-14.0.1.el7_3.6

ipa-server-common

4.4.0-14.0.1.el7_3.6

ipa-server-dns

4.4.0-14.0.1.el7_3.6

ipa-server-trust-ad

4.4.0-14.0.1.el7_3.6

python2-ipaclient

4.4.0-14.0.1.el7_3.6

python2-ipalib

4.4.0-14.0.1.el7_3.6

python2-ipaserver

4.4.0-14.0.1.el7_3.6

Связанные CVE

CVE-2017-2590

Ссылки на источники

Связанные уязвимости

CVE-2017-2590

CVSS3: 8.1

ubuntu

больше 7 лет назад

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.