Oval Definition:oval:com.redhat.rhsa:def:20203936
Revision Date:2020-09-29Version:637
Title:RHSA-2020:3936: ipa security, bug fix, and enhancement update (Moderate)
Description:Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

  • The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)

    Security Fix(es):

  • js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

  • bootstrap: XSS in the data-target attribute (CVE-2016-10735)

  • bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

  • bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)

  • bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

  • bootstrap: XSS in the affix configuration target property (CVE-2018-20677)

  • bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

  • js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)

  • jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

  • ipa: No password length restriction leads to denial of service (CVE-2020-1722)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2015-9251
    CVE-2016-10735
    CVE-2018-14040
    CVE-2018-14042
    CVE-2018-20676
    CVE-2018-20677
    CVE-2019-11358
    CVE-2019-8331
    CVE-2020-11022
    CVE-2020-1722
    RHSA-2020:3936
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • ipa-client is earlier than 0:4.6.8-5.el7
  • AND ipa-client is signed with Red Hat redhatrelease2 key
  • ipa-client-common is earlier than 0:4.6.8-5.el7
  • AND ipa-client-common is signed with Red Hat redhatrelease2 key
  • ipa-common is earlier than 0:4.6.8-5.el7
  • AND ipa-common is signed with Red Hat redhatrelease2 key
  • ipa-python-compat is earlier than 0:4.6.8-5.el7
  • AND ipa-python-compat is signed with Red Hat redhatrelease2 key
  • ipa-server is earlier than 0:4.6.8-5.el7
  • AND ipa-server is signed with Red Hat redhatrelease2 key
  • ipa-server-common is earlier than 0:4.6.8-5.el7
  • AND ipa-server-common is signed with Red Hat redhatrelease2 key
  • ipa-server-dns is earlier than 0:4.6.8-5.el7
  • AND ipa-server-dns is signed with Red Hat redhatrelease2 key
  • ipa-server-trust-ad is earlier than 0:4.6.8-5.el7
  • AND ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
  • python2-ipaclient is earlier than 0:4.6.8-5.el7
  • AND python2-ipaclient is signed with Red Hat redhatrelease2 key
  • python2-ipalib is earlier than 0:4.6.8-5.el7
  • AND python2-ipalib is signed with Red Hat redhatrelease2 key
  • python2-ipaserver is earlier than 0:4.6.8-5.el7
  • AND python2-ipaserver is signed with Red Hat redhatrelease2 key
    • BACK