Описание
ELSA-2020-4670-1: idm:client security, bug fix, and enhancement update (MODERATE)
bind-dyndb-ldap [11.3-1]
- New upstream release
- Resolves: rhbz#1845211
ipa [4.8.7-12.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
[4.8.7-12]
- Require selinux sub package in the proper version Related: RHBZ#1868432
- SELinux: do not double-define node_t and pki_tomcat_cert_t Related: RHBZ#1868432
- SELinux: add dedicated policy for ipa-pki-retrieve-key + ipatests Related: RHBZ#1868432
- dogtaginstance.py: add --debug to pkispawn Resolves: RHBZ#1879604
[4.8.7-11]
- SELinux Policy: let custodia replicate keys Resolves: RHBZ#1868432
[4.8.7-10]
- Set mode of /etc/ipa/ca.crt to 0644 in CA-less installations Resolves: RHBZ#1870202
[4.8.7-9]
- CAless installation: set the perms on KDC cert file Resolves: RHBZ#1863616
- EPN: handle empty attributes Resolves: RHBZ#1866938
- IPA-EPN: enhance input validation Resolves: RHBZ#1866291
- EPN: enhance input validation Resolves: RHBZ#1863079
- Require new samba build 4.12.3-52 Related: RHBZ#1868558
- Require new selinux-policy build 3.14.3-52 Related: RHBZ#1869311
[4.8.7-8]
- [WebUI] IPA Error 3007: RequirmentError while adding members in User ID overrides tab (updated) Resolves: RHBZ#1757045
- ipa-client-install: use the authselect backup during uninstall Resolves: RHBZ#1810179
- Replace SSLCertVerificationError with CertificateError for py36 Resolves: RHBZ#1858318
- Fix AVC denial during ipa-adtrust-install --add-agents Resolves: RHBZ#1859213
[4.8.7-7]
- replica install failing with avc denial for custodia component Resolves: RHBZ#1857157
[4.8.7-6]
- selinux dont audit rules deny fetching trust topology Resolves: RHBZ#1845596
- fix iPAddress cert issuance for >1 host/service Resolves: RHBZ#1846352
- Specify cert_paths when calling PKIConnection Resolves: RHBZ#1849155
- Update crypto policy to allow AD-SUPPORT when installing IPA Resolves: RHBZ#1851139
- Add version to ipa-idoverride-memberof obsoletes Related: RHBZ#1846434
[4.8.7-5]
- Add missing ipa-selinux package Resolves: RHBZ#1853263
[4.8.7-4]
- Remove client-epn left over files for ONLY_CLIENT Related: RHBZ#1847999
[4.8.7-3]
- [WebUI] IPA Error 3007: RequirmentError while adding members in User ID overrides tab Resolves: RHBZ#1757045
- EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn Resolves: RHBZ#1847999
- FreeIPA - Utilize 256-bit AJP connector passwords Resolves: RHBZ#1849914
- ipa: typo issue in ipanthomedirectoryrive deffinition Resolves: RHBZ#1851411
[4.8.7-2]
- Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 Resolves: RHBZ#1846434
[4.8.7-1]
- Upstream release FreeIPA 4.8.7
- Require new samba build 4.12.3-0 Related: RHBZ#1818765
- New client-epn sub package Resolves: RHBZ#913799
ipa-healthcheck [0.4-6]
- The core subpackage can be installed standalone, drop the Requires on the base package. (#1852244)
- Add Conflicts < 0.4 to to core to allow downgrading with --allowerasing (#1852244)
[0.4-5]
- Remove the Obsoletes < 0.4 and add same-version Requires to each subpackage so that upgrades from 0.3 will work (#1852244)
opendnssec [2.1.6-2]
- Resolves: rhbz#1831732 AVC avc: denied { dac_override } for comm=ods-enforcerd
[2.1.6-1]
- Resolves: rhbz#1759888 Rebase OpenDNSSEC to 2.1
slapi-nis [0.56.5-4]
- Ignore unmatched searches
- Resolves: rhbz#1874015
[0.56.5-3]
- Fix memory leaks in ID views processing
- Resolves: rhbz#1875348
[0.56.5-2]
- Initialize map lock in NIS plugin
- Resolves: rhbz#1832331
[0.56.5-1]
- Upstream release 0.56.5
- Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
- Resolves: rhbz#1768156: ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED
softhsm [2.6.0-3]
- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
- Synchronize the final fix with Fedora
[2.6.0-2]
- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
[2.6.0-1]
- Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+
- Fixes: rhbz#1701233 - support setting supported signature methods on the token
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module idm:DL1 is enabled
custodia
0.6.0-3.module+el8.3.0+7868+2151076c
python3-custodia
0.6.0-3.module+el8.3.0+7868+2151076c
python3-jwcrypto
0.5.0-1.module+el8.3.0+7868+2151076c
python3-kdcproxy
0.4-5.module+el8.3.0+7868+2151076c
python3-pyusb
1.0.0-9.module+el8.3.0+7868+2151076c
python3-qrcode
5.1-12.module+el8.3.0+7868+2151076c
python3-qrcode-core
5.1-12.module+el8.3.0+7868+2151076c
python3-yubico
1.3.2-9.module+el8.3.0+7868+2151076c
bind-dyndb-ldap
11.3-1.module+el8.3.0+7868+2151076c
ipa-client
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-client-common
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-client-epn
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-client-samba
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-common
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-healthcheck
0.4-6.module+el8.3.0+7868+2151076c
ipa-healthcheck-core
0.4-6.module+el8.3.0+7868+2151076c
ipa-python-compat
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-selinux
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server-common
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server-dns
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server-trust-ad
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
opendnssec
2.1.6-2.module+el8.3.0+7868+2151076c
python3-ipaclient
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
python3-ipalib
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
python3-ipaserver
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
slapi-nis
0.56.5-4.module+el8.3.0+7868+2151076c
softhsm
2.6.0-3.module+el8.3.0+7868+2151076c
softhsm-devel
2.6.0-3.module+el8.3.0+7868+2151076c
Oracle Linux x86_64
Module idm:DL1 is enabled
custodia
0.6.0-3.module+el8.3.0+7868+2151076c
python3-custodia
0.6.0-3.module+el8.3.0+7868+2151076c
python3-jwcrypto
0.5.0-1.module+el8.3.0+7868+2151076c
python3-kdcproxy
0.4-5.module+el8.3.0+7868+2151076c
python3-pyusb
1.0.0-9.module+el8.3.0+7868+2151076c
python3-qrcode
5.1-12.module+el8.3.0+7868+2151076c
python3-qrcode-core
5.1-12.module+el8.3.0+7868+2151076c
python3-yubico
1.3.2-9.module+el8.3.0+7868+2151076c
bind-dyndb-ldap
11.3-1.module+el8.3.0+7868+2151076c
ipa-client
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-client-common
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-client-epn
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-client-samba
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-common
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-healthcheck
0.4-6.module+el8.3.0+7868+2151076c
ipa-healthcheck-core
0.4-6.module+el8.3.0+7868+2151076c
ipa-python-compat
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-selinux
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server-common
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server-dns
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
ipa-server-trust-ad
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
opendnssec
2.1.6-2.module+el8.3.0+7868+2151076c
python3-ipaclient
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
python3-ipalib
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
python3-ipaserver
4.8.7-12.0.1.module+el8.3.0+7868+2151076c
slapi-nis
0.56.5-4.module+el8.3.0+7868+2151076c
softhsm
2.6.0-3.module+el8.3.0+7868+2151076c
softhsm-devel
2.6.0-3.module+el8.3.0+7868+2151076c
Ссылки на источники
Связанные уязвимости
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
ELSA-2020-4670: idm:DL1 and idm:client security, bug fix, and enhancement update (MODERATE)
ELSA-2020-3936: ipa security, bug fix, and enhancement update (MODERATE)
ELSA-2020-4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (MODERATE)
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update