Red Hat Product Errata RHSA-2021:0860 - Security Advisory

Issued:: 2021-03-16
Updated:: 2021-03-16

RHSA-2021:0860 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: ipa security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for ipa is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

jquery: Passing HTML containing

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

cannot issue certs with multiple IP addresses corresponding to different hosts (BZ#1846349)
CA-less install does not set required permissions on KDC certificate (BZ#1863619)
IdM Web UI shows users as disabled (BZ#1884819)
Authentication and login times are over several seconds due to unindexed ipaExternalMember (BZ#1892793)
improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find (BZ#1895197)
IPA WebUI inaccessible after upgrading to RHEL 8.3 - idoverride-memberof.js missing (BZ#1897253)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1846349 - cannot issue certs with multiple IP addresses corresponding to different hosts [rhel-7.9.z]
BZ - 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
BZ - 1863619 - CA-less install does not set required permissions on KDC certificate [rhel-7.9.z]
BZ - 1884819 - IdM Web UI shows users as disabled [rhel-7.9.z]
BZ - 1892793 - Authentication and login times are over several seconds due to unindexed ipaExternalMember [rhel-7.9.z]
BZ - 1895197 - improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find [rhel-7.9.z]
BZ - 1897253 - IPA WebUI inaccessible after upgrading to RHEL 8.3 - idoverride-memberof.js missing [rhel-7.9.z]

CVEs

CVE-2020-11023

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
ipa-4.6.8-5.el7_9.4.src.rpm	SHA-256: 85b7021e03894338ead61846d84a3abc2aa55b51a941937c0fa88420cc7b8257
x86_64
ipa-client-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 681a174dad5572c4301e663fdf4ece31bd52a327e42b1f445b147c83194b38c0
ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 81eb15a30907fad798ff8af51583d047c4317ed4a84345723e453abeb70056cf
ipa-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ce98ebaaccc6d5be6b9d4a768c9258c1924020bdb2743be3869ac2d7be6f1509
ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 63009b3aafcf0e2f20df0e38698ead509f7da25dbf5680a50f8d553e677b3bf0
ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 87201b550f4f6f1ccd2cc124b1568a2f8f2a044a142eca3d7779bf1794d5337d
ipa-server-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: b8f4c96494a8b439210a6b27baf992df7f5af427d41f41a08a35ffe0fc9f2888
ipa-server-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: a6aa849dfde184df958ad861c2422fad1b931177215abe4d6f075276044ccbc4
ipa-server-dns-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 17476f677c4fe22afa78e83d1bf9545a07ad9bb04d5face105b0758cbb25f5c7
ipa-server-trust-ad-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: d4831c56fa5e0bb494bceb2078ba38ff3c01c3a9b548106065bacb41253872d5
python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 642700b120a307a976d7d21ecf0d7c8a6e4546d1e2a395ad307c9867c02afc26
python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ae39a7dacd5535106d01fc3f425d74b99f53427e40f6e4aa3a30d6b80b6296a7
python2-ipaserver-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 11bdd90e8bbc8ee90849addc9a66ff2bf6e92fabe1942ad3be267e27be78ee10

Red Hat Enterprise Linux Workstation 7

SRPM
ipa-4.6.8-5.el7_9.4.src.rpm	SHA-256: 85b7021e03894338ead61846d84a3abc2aa55b51a941937c0fa88420cc7b8257
x86_64
ipa-client-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 681a174dad5572c4301e663fdf4ece31bd52a327e42b1f445b147c83194b38c0
ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 81eb15a30907fad798ff8af51583d047c4317ed4a84345723e453abeb70056cf
ipa-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ce98ebaaccc6d5be6b9d4a768c9258c1924020bdb2743be3869ac2d7be6f1509
ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 63009b3aafcf0e2f20df0e38698ead509f7da25dbf5680a50f8d553e677b3bf0
ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 87201b550f4f6f1ccd2cc124b1568a2f8f2a044a142eca3d7779bf1794d5337d
ipa-server-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: b8f4c96494a8b439210a6b27baf992df7f5af427d41f41a08a35ffe0fc9f2888
ipa-server-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: a6aa849dfde184df958ad861c2422fad1b931177215abe4d6f075276044ccbc4
ipa-server-dns-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 17476f677c4fe22afa78e83d1bf9545a07ad9bb04d5face105b0758cbb25f5c7
ipa-server-trust-ad-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: d4831c56fa5e0bb494bceb2078ba38ff3c01c3a9b548106065bacb41253872d5
python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 642700b120a307a976d7d21ecf0d7c8a6e4546d1e2a395ad307c9867c02afc26
python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ae39a7dacd5535106d01fc3f425d74b99f53427e40f6e4aa3a30d6b80b6296a7
python2-ipaserver-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 11bdd90e8bbc8ee90849addc9a66ff2bf6e92fabe1942ad3be267e27be78ee10

Red Hat Enterprise Linux Desktop 7

SRPM
ipa-4.6.8-5.el7_9.4.src.rpm	SHA-256: 85b7021e03894338ead61846d84a3abc2aa55b51a941937c0fa88420cc7b8257
x86_64
ipa-client-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 681a174dad5572c4301e663fdf4ece31bd52a327e42b1f445b147c83194b38c0
ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 81eb15a30907fad798ff8af51583d047c4317ed4a84345723e453abeb70056cf
ipa-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ce98ebaaccc6d5be6b9d4a768c9258c1924020bdb2743be3869ac2d7be6f1509
ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 63009b3aafcf0e2f20df0e38698ead509f7da25dbf5680a50f8d553e677b3bf0
ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 63009b3aafcf0e2f20df0e38698ead509f7da25dbf5680a50f8d553e677b3bf0
ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 87201b550f4f6f1ccd2cc124b1568a2f8f2a044a142eca3d7779bf1794d5337d
ipa-server-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: b8f4c96494a8b439210a6b27baf992df7f5af427d41f41a08a35ffe0fc9f2888
ipa-server-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: a6aa849dfde184df958ad861c2422fad1b931177215abe4d6f075276044ccbc4
ipa-server-dns-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 17476f677c4fe22afa78e83d1bf9545a07ad9bb04d5face105b0758cbb25f5c7
ipa-server-trust-ad-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: d4831c56fa5e0bb494bceb2078ba38ff3c01c3a9b548106065bacb41253872d5
python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 642700b120a307a976d7d21ecf0d7c8a6e4546d1e2a395ad307c9867c02afc26
python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ae39a7dacd5535106d01fc3f425d74b99f53427e40f6e4aa3a30d6b80b6296a7
python2-ipaserver-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 11bdd90e8bbc8ee90849addc9a66ff2bf6e92fabe1942ad3be267e27be78ee10

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
ipa-4.6.8-5.el7_9.4.src.rpm	SHA-256: 85b7021e03894338ead61846d84a3abc2aa55b51a941937c0fa88420cc7b8257
s390x
ipa-client-4.6.8-5.el7_9.4.s390x.rpm	SHA-256: 78522089171cab09aa0f7a2e1a9ebba29cd9ec27b6b36971e8f28fb035debd24
ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 81eb15a30907fad798ff8af51583d047c4317ed4a84345723e453abeb70056cf
ipa-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ce98ebaaccc6d5be6b9d4a768c9258c1924020bdb2743be3869ac2d7be6f1509
ipa-debuginfo-4.6.8-5.el7_9.4.s390x.rpm	SHA-256: 05c7222d1a0c5c0ab983b4cc6ab2ffd158505fc19a5086bfcbeed79eb8fe2ff5
ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 87201b550f4f6f1ccd2cc124b1568a2f8f2a044a142eca3d7779bf1794d5337d
python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 642700b120a307a976d7d21ecf0d7c8a6e4546d1e2a395ad307c9867c02afc26
python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ae39a7dacd5535106d01fc3f425d74b99f53427e40f6e4aa3a30d6b80b6296a7

Red Hat Enterprise Linux for Power, big endian 7

SRPM
ipa-4.6.8-5.el7_9.4.src.rpm	SHA-256: 85b7021e03894338ead61846d84a3abc2aa55b51a941937c0fa88420cc7b8257
ppc64
ipa-client-4.6.8-5.el7_9.4.ppc64.rpm	SHA-256: 6a393346724a9a3f8494d1a5d48b58426ea05e48b5fb0ebd620fe44b811110ff
ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 81eb15a30907fad798ff8af51583d047c4317ed4a84345723e453abeb70056cf
ipa-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ce98ebaaccc6d5be6b9d4a768c9258c1924020bdb2743be3869ac2d7be6f1509
ipa-debuginfo-4.6.8-5.el7_9.4.ppc64.rpm	SHA-256: d89935592790b5ced63fcc2c5c4c98538106646ddc86a9654d61daf5c1bc335a
ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 87201b550f4f6f1ccd2cc124b1568a2f8f2a044a142eca3d7779bf1794d5337d
python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 642700b120a307a976d7d21ecf0d7c8a6e4546d1e2a395ad307c9867c02afc26
python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ae39a7dacd5535106d01fc3f425d74b99f53427e40f6e4aa3a30d6b80b6296a7

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
ipa-4.6.8-5.el7_9.4.src.rpm	SHA-256: 85b7021e03894338ead61846d84a3abc2aa55b51a941937c0fa88420cc7b8257
x86_64
ipa-client-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 681a174dad5572c4301e663fdf4ece31bd52a327e42b1f445b147c83194b38c0
ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 81eb15a30907fad798ff8af51583d047c4317ed4a84345723e453abeb70056cf
ipa-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ce98ebaaccc6d5be6b9d4a768c9258c1924020bdb2743be3869ac2d7be6f1509
ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 63009b3aafcf0e2f20df0e38698ead509f7da25dbf5680a50f8d553e677b3bf0
ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: 63009b3aafcf0e2f20df0e38698ead509f7da25dbf5680a50f8d553e677b3bf0
ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 87201b550f4f6f1ccd2cc124b1568a2f8f2a044a142eca3d7779bf1794d5337d
ipa-server-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: b8f4c96494a8b439210a6b27baf992df7f5af427d41f41a08a35ffe0fc9f2888
ipa-server-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: a6aa849dfde184df958ad861c2422fad1b931177215abe4d6f075276044ccbc4
ipa-server-dns-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 17476f677c4fe22afa78e83d1bf9545a07ad9bb04d5face105b0758cbb25f5c7
ipa-server-trust-ad-4.6.8-5.el7_9.4.x86_64.rpm	SHA-256: d4831c56fa5e0bb494bceb2078ba38ff3c01c3a9b548106065bacb41253872d5
python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 642700b120a307a976d7d21ecf0d7c8a6e4546d1e2a395ad307c9867c02afc26
python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ae39a7dacd5535106d01fc3f425d74b99f53427e40f6e4aa3a30d6b80b6296a7
python2-ipaserver-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 11bdd90e8bbc8ee90849addc9a66ff2bf6e92fabe1942ad3be267e27be78ee10

Red Hat Enterprise Linux for Power, little endian 7

SRPM
ipa-4.6.8-5.el7_9.4.src.rpm	SHA-256: 85b7021e03894338ead61846d84a3abc2aa55b51a941937c0fa88420cc7b8257
ppc64le
ipa-client-4.6.8-5.el7_9.4.ppc64le.rpm	SHA-256: f7545e74de88f841715a19310051c9d33f45f3bca41cf46129681d0d373f65e9
ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 81eb15a30907fad798ff8af51583d047c4317ed4a84345723e453abeb70056cf
ipa-common-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ce98ebaaccc6d5be6b9d4a768c9258c1924020bdb2743be3869ac2d7be6f1509
ipa-debuginfo-4.6.8-5.el7_9.4.ppc64le.rpm	SHA-256: 72e5cc26060ab544300769f4c149a0ecd0f36a6c52406432504f19049bbb92c2
ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 87201b550f4f6f1ccd2cc124b1568a2f8f2a044a142eca3d7779bf1794d5337d
python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: 642700b120a307a976d7d21ecf0d7c8a6e4546d1e2a395ad307c9867c02afc26
python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm	SHA-256: ae39a7dacd5535106d01fc3f425d74b99f53427e40f6e4aa3a30d6b80b6296a7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories