Описание
ELSA-2021-5142: idm:DL1 security update (MODERATE)
ipa [4.9.6-10.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
[4.9.6-10]
- Bump realease version due to build issue. Related: RHBZ#2021489
[4.9.6-9]
- Hardening for CVE-2020-25717, part 3 Related: RHBZ#2021489
[4.9.6-8]
- Hardening for CVE-2020-25717, part 2
- Related: RHBZ#2021171
[4.9.6-7]
- Hardening for CVE-2020-25717
- Related: RHBZ#2021171
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module idm:DL1 is enabled
bind-dyndb-ldap
11.6-2.module+el8.4.0+20088+3d202164
custodia
0.6.0-3.module+el8.3.0+7868+2151076c
ipa-client
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-client-common
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-client-epn
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-client-samba
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-common
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-healthcheck
0.7-6.module+el8.5.0+20379+1b4496cf
ipa-healthcheck-core
0.7-6.module+el8.5.0+20379+1b4496cf
ipa-python-compat
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-selinux
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server-common
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server-dns
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server-trust-ad
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
opendnssec
2.1.7-1.module+el8.4.0+20088+3d202164
python3-custodia
0.6.0-3.module+el8.3.0+7868+2151076c
python3-ipaclient
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-ipalib
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-ipaserver
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-ipatests
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-jwcrypto
0.5.0-1.module+el8.3.0+7868+2151076c
python3-kdcproxy
0.4-5.module+el8.3.0+7868+2151076c
python3-pyusb
1.0.0-9.module+el8.3.0+7868+2151076c
python3-qrcode
5.1-12.module+el8.3.0+7868+2151076c
python3-qrcode-core
5.1-12.module+el8.3.0+7868+2151076c
python3-yubico
1.3.2-9.module+el8.3.0+7868+2151076c
slapi-nis
0.56.6-4.module+el8.5.0+20418+88e16a2c
softhsm
2.6.0-5.module+el8.4.0+20161+5ecb5b37
softhsm-devel
2.6.0-5.module+el8.4.0+20161+5ecb5b37
Oracle Linux x86_64
Module idm:DL1 is enabled
bind-dyndb-ldap
11.6-2.module+el8.4.0+20088+3d202164
custodia
0.6.0-3.module+el8.3.0+7868+2151076c
ipa-client
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-client-common
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-client-epn
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-client-samba
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-common
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-healthcheck
0.7-6.module+el8.5.0+20379+1b4496cf
ipa-healthcheck-core
0.7-6.module+el8.5.0+20379+1b4496cf
ipa-python-compat
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-selinux
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server-common
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server-dns
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
ipa-server-trust-ad
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
opendnssec
2.1.7-1.module+el8.4.0+20088+3d202164
python3-custodia
0.6.0-3.module+el8.3.0+7868+2151076c
python3-ipaclient
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-ipalib
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-ipaserver
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-ipatests
4.9.6-10.0.1.module+el8.5.0+20451+6c55862e
python3-jwcrypto
0.5.0-1.module+el8.3.0+7868+2151076c
python3-kdcproxy
0.4-5.module+el8.3.0+7868+2151076c
python3-pyusb
1.0.0-9.module+el8.3.0+7868+2151076c
python3-qrcode
5.1-12.module+el8.3.0+7868+2151076c
python3-qrcode-core
5.1-12.module+el8.3.0+7868+2151076c
python3-yubico
1.3.2-9.module+el8.3.0+7868+2151076c
slapi-nis
0.56.6-4.module+el8.5.0+20418+88e16a2c
softhsm
2.6.0-5.module+el8.4.0+20161+5ecb5b37
softhsm-devel
2.6.0-5.module+el8.4.0+20161+5ecb5b37
Связанные CVE
Связанные уязвимости
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
A flaw was found in the way Samba, as an Active Directory Domain Contr ...