ipa-4.6.8-5.4.0.1.el7.AXS7

エラータID: AXSA:2021-1615:01

Release date: 
Friday, March 26, 2021 - 03:07
Subject: 
ipa-4.6.8-5.4.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Asianux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* cannot issue certs with multiple IP addresses corresponding to different hosts
* CA-less install does not set required permissions on KDC certificate
* IdM Web UI shows users as disabled
* Authentication and login times are over several seconds due to unindexed ipaExternalMember
* improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find
* IPA WebUI inaccessible after upgrading - idoverride-memberof.js missing

CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Solution: 

Update packages.

CVEs: 
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing
Additional Info: 

N/A

Download: 

SRPMS
  1. ipa-4.6.8-5.4.0.1.el7.AXS7.src.rpm
    MD5: 4f7b86a8aa58b98151aad3277c064bc5
    SHA-256: de242859a751f1c1a0b3b22315a2296fe388436d9e4df97ea1b5654a363b3c2b
    Size: 11.01 MB

Asianux Server 7 for x86_64
  1. ipa-client-4.6.8-5.4.0.1.el7.AXS7.x86_64.rpm
    MD5: c836071dd992dcacfe72e1de9355054b
    SHA-256: adc0e2ae9f3f512450a1a9f907c3fa4e5e9c306acba6f750673f863e2918554a
    Size: 288.08 kB
  2. ipa-client-common-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: d5ae27183eddf988187022c20338632b
    SHA-256: 5bdae5dc696da5e04cf94c36ed3b44b7985abf9544658890036d379f0eb573ff
    Size: 193.60 kB
  3. ipa-common-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: dff0ced177f6f7fce386ca1dfabfd939
    SHA-256: 471c63dd660b8b0c7e1791b9172eb439f556e218468e794dc498993581ceee0c
    Size: 619.80 kB
  4. ipa-python-compat-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: 72d51ce34178ad6301b45b35e8d05496
    SHA-256: 3cb16bc52c3ffd39a3c6721967d3f565ee3ca7c6026503cb756064b8d285a49c
    Size: 187.46 kB
  5. ipa-server-4.6.8-5.4.0.1.el7.AXS7.x86_64.rpm
    MD5: ce8874359870a8d36ca8f50c543cda07
    SHA-256: 5c973436bacf93ff3dd4048e02a5ccd6cec35c53e07a49c13f5a43e3a4420516
    Size: 531.12 kB
  6. ipa-server-common-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: 0777a64c3c809cadee4878db9eb5388a
    SHA-256: 6d61f4c183ae1fecd57f9399ec150ef59d17f745be68f173e2fd8455cbf90ad3
    Size: 704.69 kB
  7. ipa-server-dns-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: 5835b59664dd2e076fd06fa5f355ffa8
    SHA-256: 3121203266d413fb72483b30724e58cef01eaa7da1730f8e2fb0df29f1a23874
    Size: 191.36 kB
  8. ipa-server-trust-ad-4.6.8-5.4.0.1.el7.AXS7.x86_64.rpm
    MD5: c23d7e874ef537c34e912d223f63787a
    SHA-256: 81030c73bb06fac5d2e4dda3788e671373e82c0b7d0935f3fd5cf1e1925f092e
    Size: 281.60 kB
  9. python2-ipaclient-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: 9901dd2e83c3611efcc95c635056d229
    SHA-256: a61715d415944a0e0cd356ed340d5f292dd7e5c6f733707a4fe9dd9c10b74b4a
    Size: 702.67 kB
  10. python2-ipalib-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: 884efcdacbebb1e1675942a6a8932033
    SHA-256: c850b5a6acc7f52e7cdd86781e061dad107b85b38188782a2fa19aa25b5e9825
    Size: 684.99 kB
  11. python2-ipaserver-4.6.8-5.4.0.1.el7.AXS7.noarch.rpm
    MD5: 42995ddebf3ec9542c69541b1a925511
    SHA-256: ed5d235dbd9ce4235e357dc26d42ea5bad3432d54b0e43554a892300a3f12e81
    Size: 1.54 MB