Oval Definition:oval:com.redhat.rhsa:def:20170001
Revision Date:2017-01-02Version:637
Title:RHSA-2017:0001: ipa security update (Moderate)
Description:Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services. (CVE-2016-7030)

  • It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. (CVE-2016-9575)

    The CVE-2016-7030 issue was discovered by Petr Spacek (Red Hat) and the CVE-2016-9575 issue was discovered by Liam Campbell (Red Hat).
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-7030
    CVE-2016-9575
    RHSA-2017:0001
    RHSA-2017:0001-00
    RHSA-2017:0001-01
    RHSA-2017:0001-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • ipa-admintools is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-admintools is signed with Red Hat redhatrelease2 key
  • ipa-client is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-client is signed with Red Hat redhatrelease2 key
  • ipa-client-common is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-client-common is signed with Red Hat redhatrelease2 key
  • ipa-common is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-common is signed with Red Hat redhatrelease2 key
  • ipa-python-compat is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-python-compat is signed with Red Hat redhatrelease2 key
  • ipa-server is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-server is signed with Red Hat redhatrelease2 key
  • ipa-server-common is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-server-common is signed with Red Hat redhatrelease2 key
  • ipa-server-dns is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-server-dns is signed with Red Hat redhatrelease2 key
  • ipa-server-trust-ad is earlier than 0:4.4.0-14.el7_3.1.1
  • AND ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
  • python2-ipaclient is earlier than 0:4.4.0-14.el7_3.1.1
  • AND python2-ipaclient is signed with Red Hat redhatrelease2 key
  • python2-ipalib is earlier than 0:4.4.0-14.el7_3.1.1
  • AND python2-ipalib is signed with Red Hat redhatrelease2 key
  • python2-ipaserver is earlier than 0:4.4.0-14.el7_3.1.1
  • AND python2-ipaserver is signed with Red Hat redhatrelease2 key
    • BACK