Description
ELSA-2021-0860: ipa security and bug fix update (MODERATE)
[4.6.8-5.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]
[4.6.8-5.el7_9.4]
- Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing
- wgi/plugins.py: ignore empty plugin directories
- Resolves: #1895197 improve IPA PKI subsystem detection by other means than a directory presence, use pki-server subsystem-find
- Improve PKI subsystem detection
- ipatests: add test for PKI subsystem detection
- ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection
- Resolves: #1892793 Authentication and login times are over several seconds due to unindexed ipaExternalMember
- Add more indices
- Resolves: #1884819 IdM Web UI shows users as disabled
- fix cert-find errors in CA-less deployment
- Resolves: #1863619 CA-less install does not set required permissions on KDC certificate
- CAless installation: set the perms on KDC cert file
- ipatests: check KDC cert permissions in CA less install
- Resolves: #1859248 CVE-2020-11023 ipa: jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution
- WebUI: Fix jQuery DOM manipulation issues
- Resolves: #1846349 cannot issue certs with multiple IP addresses corresponding to different hosts
- fix iPAddress cert issuance for >1 host/service
Updated packages
Oracle Linux 7
Oracle Linux aarch64
- ipa-client 4.6.8-5.0.1.el7_9.4
- ipa-client-common 4.6.8-5.0.1.el7_9.4
- ipa-common 4.6.8-5.0.1.el7_9.4
- ipa-python-compat 4.6.8-5.0.1.el7_9.4
- ipa-server 4.6.8-5.0.1.el7_9.4
- ipa-server-common 4.6.8-5.0.1.el7_9.4
- ipa-server-dns 4.6.8-5.0.1.el7_9.4
- ipa-server-trust-ad 4.6.8-5.0.1.el7_9.4
- python2-ipaclient 4.6.8-5.0.1.el7_9.4
- python2-ipalib 4.6.8-5.0.1.el7_9.4
- python2-ipaserver 4.6.8-5.0.1.el7_9.4
Oracle Linux x86_64
- ipa-client 4.6.8-5.0.1.el7_9.4
- ipa-client-common 4.6.8-5.0.1.el7_9.4
- ipa-common 4.6.8-5.0.1.el7_9.4
- ipa-python-compat 4.6.8-5.0.1.el7_9.4
- ipa-server 4.6.8-5.0.1.el7_9.4
- ipa-server-common 4.6.8-5.0.1.el7_9.4
- ipa-server-dns 4.6.8-5.0.1.el7_9.4
- ipa-server-trust-ad 4.6.8-5.0.1.el7_9.4
- python2-ipaclient 4.6.8-5.0.1.el7_9.4
- python2-ipalib 4.6.8-5.0.1.el7_9.4
- python2-ipaserver 4.6.8-5.0.1.el7_9.4
Related CVEs
Related vulnerabilities
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.