idm:client security update

エラータID: AXSA:2024-8409:01

Release date: 
Friday, September 13, 2024 - 13:42
Subject: 
idm:client security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Asianux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681)
* python-jwcrypto: malicious JWE token can cause denial of service (CVE-2024-28102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.

Modularity name: "idm"
Stream name: "client"

Solution: 

Update packages.

CVEs: 
CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.
Additional Info: 

N/A

Download: 

SRPMS
  1. bind-dyndb-ldap-11.6-5.module+el8+1770+d144b7a8.ML.2.src.rpm
    MD5: 5b36d022056815829dc39a3372aa7375
    SHA-256: 7059fe3f8caf53344227ff73c2c55d6842eebbbec2d01353603ee7a84ed2725d
    Size: 370.62 kB
  2. custodia-0.6.0-3.module+el8+1770+d144b7a8.src.rpm
    MD5: 9bf44d64737322d6f895f7f89b5e8f17
    SHA-256: 6d684b2ba6199c675101f19d11813de1b0cf1e18b6dd5f50953be5c5d0bc39dc
    Size: 144.66 kB
  3. ipa-healthcheck-0.12-3.module+el8+1770+d144b7a8.src.rpm
    MD5: 81365d273d255f95050fa17bd960eae2
    SHA-256: 08e6b721dbd7b77a9f33c7c38b09d52ac5b5ad3358e76136621d443545aa41e2
    Size: 130.66 kB
  4. ipa-4.9.13-9.module+el8+1770+d144b7a8.src.rpm
    MD5: 8f13f0dbae8b96587b7fc1a4f45d0eba
    SHA-256: 91893f6b0db9f5bdba4da7b0f49611eca66745836a34e6d57ad9e96a6cc6cd20
    Size: 13.16 MB
  5. opendnssec-2.1.7-1.module+el8+1770+d144b7a8.src.rpm
    MD5: a7426b82d1ad777010fca4ccd43ec01e
    SHA-256: f57126ea5ee26d61cc53a8b64e1d4471a850a47d0220917062b3e2d914249995
    Size: 1.09 MB
  6. python-jwcrypto-0.5.0-2.module+el8+1770+d144b7a8.src.rpm
    MD5: e3addc785a3fb776d26cd0dcb7db6a4e
    SHA-256: 9be48fc571eddade08bf9b4ebe3f54b5b6a357575372e36beed88cb14c6e176f
    Size: 79.64 kB
  7. python-qrcode-5.1-12.module+el8+1770+d144b7a8.src.rpm
    MD5: 8e0ad8ba2b1cd6fe6ceb7ce9139cd3e4
    SHA-256: a67add545e88610ecc2762e86ff26d8cad5611a3d62c2047aa06575f80afa6af
    Size: 33.37 kB
  8. python-yubico-1.3.2-9.1.module+el8+1770+d144b7a8.src.rpm
    MD5: 2214f37176a16ab569f644c936e9bc9f
    SHA-256: 907e46ca283b9266f7c4d316e2fa013ae4209620e19d6d15e3480b4157384b6c
    Size: 50.84 kB
  9. pyusb-1.0.0-9.1.module+el8+1770+d144b7a8.src.rpm
    MD5: 243fc0cc4b6c31d0fdd467b77ae9a310
    SHA-256: 455f4993871e2be923c4417e57d964d8768bb7237128a6f6c366138e33fc5058
    Size: 78.97 kB
  10. slapi-nis-0.60.0-4.module+el8+1770+d144b7a8.ML.1.src.rpm
    MD5: 38177126e7239df09f0d5e43fb3b0dc5
    SHA-256: cfe8b059c68d422e192d10be4d3506c7ecd53cdc28d68c931de6014745ac6059
    Size: 646.84 kB

Asianux Server 8 for x86_64
  1. ipa-client-4.9.13-9.module+el8+1770+d144b7a8.x86_64.rpm
    MD5: 03c196f7dfdff25fd8d8857e63a6c903
    SHA-256: ee599e058a6e2290b2ffaddbeb40dbed1ee3cc7c89cc6074fae766da5b397d19
    Size: 290.98 kB
  2. ipa-client-common-4.9.13-9.module+el8+1770+d144b7a8.noarch.rpm
    MD5: b30ead5bbcecc676a0fac56320bcd9f4
    SHA-256: 8694cf6a61e4a11bd0f3c507fe6d579829c485c5576752d342fc51f20f08274b
    Size: 192.48 kB
  3. ipa-client-epn-4.9.13-9.module+el8+1770+d144b7a8.x86_64.rpm
    MD5: 4987c251e38e7cfad87f80f2cae85e27
    SHA-256: 5dad409af410ea882eda54dfe02060d305b132f6c747f1e3ac78bde81cc9b41f
    Size: 190.57 kB
  4. ipa-client-samba-4.9.13-9.module+el8+1770+d144b7a8.x86_64.rpm
    MD5: fdbc12fd7328cd873fc7f45d569a7bf6
    SHA-256: 78349c05faf4e2367007243bc65bda0d84800ade089377619f934239088087c7
    Size: 186.11 kB
  5. ipa-common-4.9.13-9.module+el8+1770+d144b7a8.noarch.rpm
    MD5: 68a08180150a7f24379f4735d1071d21
    SHA-256: 4c387292d56b9e07ead2cab889cc90d5f0f6a90cf4e5a99a9fdae6cfdc83eb9b
    Size: 800.50 kB
  6. ipa-debugsource-4.9.13-9.module+el8+1770+d144b7a8.x86_64.rpm
    MD5: f237918683ce86478c0f7d308ca51948
    SHA-256: 168c297cbc14b2717cad8a92a9f7cdaed164267febf0116e6a4574a13308926f
    Size: 507.98 kB
  7. ipa-healthcheck-core-0.12-3.module+el8+1770+d144b7a8.noarch.rpm
    MD5: bc80b19a8433a365bae9640c55269c87
    SHA-256: aa5f1c2f50be0d8395d6ddf8b3924c5133679e9b0ecd1e1b974ce10960971ed9
    Size: 58.89 kB
  8. ipa-python-compat-4.9.13-9.module+el8+1770+d144b7a8.noarch.rpm
    MD5: a27adfd245c9302e25252cb2c658d681
    SHA-256: 1ea11d3e7c5b9ac366a3d7924f66227ab40cb75c56a0024c709822301795a4fd
    Size: 183.92 kB
  9. ipa-selinux-4.9.13-9.module+el8+1770+d144b7a8.noarch.rpm
    MD5: 2ff1571aef18758188903aae6f1e1864
    SHA-256: 55f6ab1d17a2e22a9e2414546b94562523ea4953a93c2839b289493528cd6b87
    Size: 184.43 kB
  10. python3-ipaclient-4.9.13-9.module+el8+1770+d144b7a8.noarch.rpm
    MD5: 42b29629acbde0e9867a98925636a8af
    SHA-256: dc32353be1bfd485531cb47eb7ddc88177330c20557561966e28523c0ea00db7
    Size: 693.74 kB
  11. python3-ipalib-4.9.13-9.module+el8+1770+d144b7a8.noarch.rpm
    MD5: 4d2672e155ad76a8434fc42e24366aac
    SHA-256: d4a64cb202f9a66d4f06496ff081fc80d7a0782d7466ff6729121c02d126f9a2
    Size: 768.35 kB
  12. python3-jwcrypto-0.5.0-2.module+el8+1770+d144b7a8.noarch.rpm
    MD5: 1e64a009c36abf79c671a7b0dbeba4c4
    SHA-256: dec000f17590e7d2612cf8d30c597203420a440385a3f351485ff1a9321d789b
    Size: 64.91 kB
  13. python3-pyusb-1.0.0-9.1.module+el8+1770+d144b7a8.noarch.rpm
    MD5: 45a579d161b749c499ea4fe277ce2d46
    SHA-256: fb41b509a971be589bee7a66321de3877bfada55b681919b4ec10e579899a249
    Size: 86.87 kB
  14. python3-qrcode-5.1-12.module+el8+1770+d144b7a8.noarch.rpm
    MD5: b228c931894fc1e6dc82bd0657a8a688
    SHA-256: 40420add66a707bb7cb4f9fe61224f85fd55e49759b83bcd52906f7c7cc72d91
    Size: 16.32 kB
  15. python3-qrcode-core-5.1-12.module+el8+1770+d144b7a8.noarch.rpm
    MD5: 6c69d1eef3a370de371efa20dd44bff0
    SHA-256: 0b3a923f7251e81dab66ff06ca9781c8d8cdbbb4b6bc295affa61417ac463b82
    Size: 44.43 kB
  16. python3-yubico-1.3.2-9.1.module+el8+1770+d144b7a8.noarch.rpm
    MD5: f378cf3e5aa00700b3aff520b19fab00
    SHA-256: 61e2373cc72462def19413755aa4ddcf73390399770ce38a1e2f9e6d7068b0b5
    Size: 62.21 kB