Описание
ELSA-2025-0334: ipa security update (MODERATE)
[4.12.2-1.0.1.3]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
- Add bind to ipa-server-common Requires [Orabug: 36518596]
[4.12.2-1.3]
- Resolves: RHEL-69928 add support for python cryptography 44.0.0
- Resolves: RHEL-70258 Upgrade to ipa-server-4.12.2-1.el9 OTP-based bind to LDAP without enforceldapotp is broken
- Resolves: RHEL-70482 ipa-server-upgrade fails after established trust with ad
- Resolves: RHEL-67192 CVE-2024-11029 ipa: Administrative user data leaked through systemd journal
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
python3-ipatests
4.12.2-1.0.1.el9_5.3
ipa-client
4.12.2-1.0.1.el9_5.3
ipa-client-common
4.12.2-1.0.1.el9_5.3
ipa-client-epn
4.12.2-1.0.1.el9_5.3
ipa-client-samba
4.12.2-1.0.1.el9_5.3
ipa-common
4.12.2-1.0.1.el9_5.3
ipa-selinux
4.12.2-1.0.1.el9_5.3
ipa-selinux-luna
4.12.2-1.0.1.el9_5.3
ipa-selinux-nfast
4.12.2-1.0.1.el9_5.3
ipa-server
4.12.2-1.0.1.el9_5.3
ipa-server-common
4.12.2-1.0.1.el9_5.3
ipa-server-dns
4.12.2-1.0.1.el9_5.3
ipa-server-trust-ad
4.12.2-1.0.1.el9_5.3
python3-ipaclient
4.12.2-1.0.1.el9_5.3
python3-ipalib
4.12.2-1.0.1.el9_5.3
python3-ipaserver
4.12.2-1.0.1.el9_5.3
Oracle Linux x86_64
ipa-client
4.12.2-1.0.1.el9_5.3
ipa-client-common
4.12.2-1.0.1.el9_5.3
ipa-client-epn
4.12.2-1.0.1.el9_5.3
ipa-client-samba
4.12.2-1.0.1.el9_5.3
ipa-common
4.12.2-1.0.1.el9_5.3
ipa-selinux
4.12.2-1.0.1.el9_5.3
ipa-selinux-luna
4.12.2-1.0.1.el9_5.3
ipa-selinux-nfast
4.12.2-1.0.1.el9_5.3
ipa-server
4.12.2-1.0.1.el9_5.3
ipa-server-common
4.12.2-1.0.1.el9_5.3
ipa-server-dns
4.12.2-1.0.1.el9_5.3
ipa-server-trust-ad
4.12.2-1.0.1.el9_5.3
python3-ipaclient
4.12.2-1.0.1.el9_5.3
python3-ipalib
4.12.2-1.0.1.el9_5.3
python3-ipaserver
4.12.2-1.0.1.el9_5.3
python3-ipatests
4.12.2-1.0.1.el9_5.3
Связанные CVE
Связанные уязвимости
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
A flaw was found in the FreeIPA API audit, where it sends the whole Fr ...
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.