ipa-4.10.2-5.el9_3.ML.1
Errata ID: AXSA:2024-7393:01
Release date:
2024/01/15 Monday - 11:27
Title:
ipa-4.10.2-5.el9_3.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- ipa/session/login_password in IPA contains a vulnerability
that allows a remote attacker to carry out a cross-site
request forgery (CSRF) attack by causing a user to submit
a forged request. (CVE-2023-5455)
Solution:
Update the packages.
CVE:
CVE-2023-5455
A cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details, one cannot use this flaw for reflection of a cookie representing an already logged-in user. An attacker would always have to go through a new authentication attempt.
Additional information:
N/A
Downloads:
SRPMS
- ipa-4.10.2-5.el9_3.ML.1.src.rpm
MD5: e051adda18884cb2658c625223f8aef7
SHA-256: 32fbc1aede07f5b306b221b14c49b7f95c31eed6443572871d0f64ead1130ae7
Size: 13.82 MB
Asianux Server 9 for x86_64
- ipa-client-4.10.2-5.el9_3.ML.1.x86_64.rpm
MD5: 540c9db99354d87f843c87d0ff25f750
SHA-256: 37bebbfb5dd49632ef4cf23ae7462c8e269cdc4d0ec01d2e42047dc7077d423b
Size: 126.15 kB
- ipa-client-common-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: a50d27c763ad1d36db3eb6a040ceb90b
SHA-256: 3501ce938ae34892583450ab57b5c2341f7531a2b523d1ab9283d5a862ab7946
Size: 41.12 kB
- ipa-client-epn-4.10.2-5.el9_3.ML.1.x86_64.rpm
MD5: 22c49ca027029fd873f80042b5476ee1
SHA-256: 106c18940b6e148f667dddcd112511dce73fa5c8aaca0f79fdb42ee63603ef6a
Size: 40.47 kB
- ipa-client-samba-4.10.2-5.el9_3.ML.1.x86_64.rpm
MD5: acc778481905099f8c2147400e04ebda
SHA-256: 23d6fe4668795879ce940f7b758300d765b3685733cd4922c9dcc8f98c971cd6
Size: 35.85 kB
- ipa-common-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: 4cffedbf9d7bec492aaa75212b38f0ef
SHA-256: 67219f421642c204ea762724271f4310e3684fde395731dd9150b2af6c442d46
Size: 651.08 kB
- ipa-selinux-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: fb690a7b2c176d99e40dd5beebdf9a38
SHA-256: b150571b41f0f448099ab2094a6469ece4f1d43bdb2a40a7c6eb44aa8c0a76a2
Size: 34.13 kB
- ipa-server-4.10.2-5.el9_3.ML.1.x86_64.rpm
MD5: 52b22faa273eb3d10b76e889b4c90f97
SHA-256: 84784936fbe2d67ab919558e584503b35944d0c7041959df50ec4e1c5a8af6b2
Size: 386.02 kB
- ipa-server-common-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: e68e70637e8751e6270f55640c245a50
SHA-256: 23bcce6f7f6bdd585002b210d7e982f4f6beb594eb2ff54d4bb06699f26ddf69
Size: 442.10 kB
- ipa-server-dns-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: a2471d9cb3b1de086c5db9a877f16b51
SHA-256: 7430de2e46fa77f9ec25c3ed72402cee82ed7567ab464b574ff4c6bc1c8b9395
Size: 49.51 kB
- ipa-server-trust-ad-4.10.2-5.el9_3.ML.1.x86_64.rpm
MD5: 1533fd9c5d684eb9a204760cc4bdfb84
SHA-256: a78070926ba8b6c822ca18b8646a54ec8251666293e65024665aed5cdca2330b
Size: 150.04 kB
- python3-ipaclient-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: d31a17a2d63d96539608a7cad719fdb9
SHA-256: 4be94fb21af78447b5257f36927f0845cb7cb10bad04c1bce7c76974716d12da
Size: 489.74 kB
- python3-ipalib-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: f7a288c8a0b56829ffbccb8797c37749
SHA-256: 3c5c29d20ab31f9bcf8a099e5b6b94aa1420da1dffbb98d889dd4ad59f069309
Size: 585.61 kB
- python3-ipaserver-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: 9da789a1a09313c2c08c76b5dc4e5cbe
SHA-256: e0680cb73c1466ff0b1edbf8375118ffcef79c9f5130ae10c7519a06e33af109
Size: 1.34 MB
- python3-ipatests-4.10.2-5.el9_3.ML.1.noarch.rpm
MD5: d3c5d9f22fb8b39e491bc47a2696dd9e
SHA-256: 5332898a5869ce33074958447be1c3130877208c83e13e06ff9243688efc9d9e
Size: 1.47 MB