Oval Definition:oval:com.redhat.rhsa:def:20161797
Revision Date:2016-09-01Version:637
Title:RHSA-2016:1797: ipa security update (Moderate)
Description:Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. (CVE-2016-5404)

    This issue was discovered by Fraser Tweedale (Red Hat).
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-5404
    RHSA-2016:1797
    RHSA-2016:1797-00
    RHSA-2016:1797-01
    RHSA-2016:1797-01
    Platform(s):Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • ipa-admintools is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-admintools is signed with Red Hat redhatrelease2 key
  • ipa-client is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-client is signed with Red Hat redhatrelease2 key
  • ipa-python is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-python is signed with Red Hat redhatrelease2 key
  • ipa-server is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-server is signed with Red Hat redhatrelease2 key
  • ipa-server-dns is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-server-dns is signed with Red Hat redhatrelease2 key
  • ipa-server-trust-ad is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • ipa-admintools is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-admintools is signed with Red Hat redhatrelease2 key
  • ipa-client is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-client is signed with Red Hat redhatrelease2 key
  • ipa-python is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-python is signed with Red Hat redhatrelease2 key
  • ipa-server is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-server is signed with Red Hat redhatrelease2 key
  • ipa-server-selinux is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-server-selinux is signed with Red Hat redhatrelease2 key
  • ipa-server-trust-ad is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND
  • ipa is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa is signed with Red Hat redhatrelease2 key
  • ipa-admintools is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-admintools is signed with Red Hat redhatrelease2 key
  • ipa-client is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-client is signed with Red Hat redhatrelease2 key
  • ipa-python is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-python is signed with Red Hat redhatrelease2 key
  • ipa-server is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-server is signed with Red Hat redhatrelease2 key
  • ipa-server-dns is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-server-dns is signed with Red Hat redhatrelease2 key
  • ipa-server-trust-ad is earlier than 0:4.2.0-15.el7_2.19
  • AND ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • ipa is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa is signed with Red Hat redhatrelease2 key
  • ipa-admintools is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-admintools is signed with Red Hat redhatrelease2 key
  • ipa-client is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-client is signed with Red Hat redhatrelease2 key
  • ipa-python is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-python is signed with Red Hat redhatrelease2 key
  • ipa-server is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-server is signed with Red Hat redhatrelease2 key
  • ipa-server-selinux is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-server-selinux is signed with Red Hat redhatrelease2 key
  • ipa-server-trust-ad is earlier than 0:3.0.0-50.el6_8.2
  • AND ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
    • BACK