ELSA-2021-5195

Опубликовано: 17 дек. 2021

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2021-5195: ipa security and bug fix update (MODERATE)

[4.6.8-5.0.1]

Blank out header-logo.png product-name.png
Replace login-screen-logo.png [Orabug: 20362818]

[4.6.8-5.el7_9.10]

Resolves: 2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server
- Fix cert_request for KDC cert
Resolves: 2021444 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
- SMB: switch IPA domain controller role

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

ipa-client

4.6.8-5.0.1.el7_9.10

ipa-client-common

4.6.8-5.0.1.el7_9.10

ipa-common

4.6.8-5.0.1.el7_9.10

ipa-python-compat

4.6.8-5.0.1.el7_9.10

ipa-server

4.6.8-5.0.1.el7_9.10

ipa-server-common

4.6.8-5.0.1.el7_9.10

ipa-server-dns

4.6.8-5.0.1.el7_9.10

ipa-server-trust-ad

4.6.8-5.0.1.el7_9.10

python2-ipaclient

4.6.8-5.0.1.el7_9.10

python2-ipalib

4.6.8-5.0.1.el7_9.10

python2-ipaserver

4.6.8-5.0.1.el7_9.10

Oracle Linux x86_64

ipa-client

4.6.8-5.0.1.el7_9.10

ipa-client-common

4.6.8-5.0.1.el7_9.10

ipa-common

4.6.8-5.0.1.el7_9.10

ipa-python-compat

4.6.8-5.0.1.el7_9.10

ipa-server

4.6.8-5.0.1.el7_9.10

ipa-server-common

4.6.8-5.0.1.el7_9.10

ipa-server-dns

4.6.8-5.0.1.el7_9.10

ipa-server-trust-ad

4.6.8-5.0.1.el7_9.10

python2-ipaclient

4.6.8-5.0.1.el7_9.10

python2-ipalib

4.6.8-5.0.1.el7_9.10

python2-ipaserver

4.6.8-5.0.1.el7_9.10

Связанные CVE

CVE-2020-25719

Ссылки на источники

Связанные уязвимости

CVE-2020-25719

CVSS3: 7.2

ubuntu

больше 3 лет назад

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.