Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:0378
HistoryFeb 04, 2020 - 5:47 p.m.

(RHSA-2020:0378) Important: ipa security and bug fix update

2020-02-0417:47:43
access.redhat.com
10

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.1%

JSON

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867)

  • ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Issue with adding multiple RHEL 7 IPA replica to RHEL 6 IPA master (BZ#1770728)

  • User incorrectly added to negative cache when backend is reconnecting to IPA service / timed out: error code 32 ‘No such object’ (BZ#1773953)

  • After upgrade AD Trust Agents were removed from LDAP (BZ#1781153)

OSVersionArchitecturePackageVersionFilename
RedHat7noarchpython2-ipaserver< 4.6.5-11.el7_7.4python2-ipaserver-4.6.5-11.el7_7.4.noarch.rpm
RedHat7s390xipa-debuginfo< 4.6.5-11.el7_7.4ipa-debuginfo-4.6.5-11.el7_7.4.s390x.rpm
RedHat7x86_64ipa-debuginfo< 4.6.5-11.el7_7.4ipa-debuginfo-4.6.5-11.el7_7.4.x86_64.rpm
RedHat7x86_64ipa-client< 4.6.5-11.el7_7.4ipa-client-4.6.5-11.el7_7.4.x86_64.rpm
RedHat7ppc64leipa-debuginfo< 4.6.5-11.el7_7.4ipa-debuginfo-4.6.5-11.el7_7.4.ppc64le.rpm
RedHat7ppc64ipa-client< 4.6.5-11.el7_7.4ipa-client-4.6.5-11.el7_7.4.ppc64.rpm
RedHat7x86_64ipa-server< 4.6.5-11.el7_7.4ipa-server-4.6.5-11.el7_7.4.x86_64.rpm
RedHat7noarchipa-server-common< 4.6.5-11.el7_7.4ipa-server-common-4.6.5-11.el7_7.4.noarch.rpm
RedHat7ppc64leipa-client< 4.6.5-11.el7_7.4ipa-client-4.6.5-11.el7_7.4.ppc64le.rpm
RedHat7ppc64ipa-debuginfo< 4.6.5-11.el7_7.4ipa-debuginfo-4.6.5-11.el7_7.4.ppc64.rpm
Rows per page:
1-10 of 181

Related

fedora 2
openvas 5
nessus 11
oraclelinux 1
rocky 1
amazon 1
altlinux 1
osv 7
redhat 1
redhatcve 2
cve 2
ubuntucve 2
github 2
debiancve 2
symantec 2
veracode 2
prion 2
fedora
fedora
[SECURITY] Fedora 31 Update: freeipa-4.8.3-1.fc31
2019-12-05 01:43:06
[SECURITY] Fedora 30 Update: freeipa-4.8.3-1.fc30
2019-12-05 01:12:57
openvas
openvas
Fedora Update for freeipa FEDORA-2019-8e9093da55
2019-12-08 00:00:00
Fedora Update for freeipa FEDORA-2019-c64e1612f5
2020-01-09 00:00:00
Huawei EulerOS: Security Advisory for ipa (EulerOS-SA-2020-1391)
2020-04-16 00:00:00
nessus
nessus
NewStart CGSL CORE 5.05 / MAIN 5.05 : ipa Multiple Vulnerabilities (NS-SA-2020-0111)
2020-12-09 00:00:00
Oracle Linux 7 : ipa (ELSA-2020-0378)
2020-02-06 00:00:00
Fedora 31 : freeipa (2019-c64e1612f5)
2019-12-05 00:00:00
oraclelinux
oraclelinux
ipa security and bug fix update
2020-02-05 00:00:00
rocky
rocky
DL1 bug fix update
2019-12-17 09:19:15
amazon
amazon
Important: ipa
2020-05-08 20:44:00
altlinux
altlinux
Security fix for the ALT Linux 8 package freeipa version 4.3.3-alt20
2019-11-28 00:00:00
osv
osv
idm:DL1 bug fix update
2019-12-17 09:19:15
PYSEC-2019-28
2019-11-27 09:15:00
Code injection in FreeIPA
2021-12-06 18:17:38
redhat
redhat
(RHSA-2020:1269) Important: idm:DL1 security update
2020-04-01 09:11:17
redhatcve
redhatcve
CVE-2019-14867
2020-04-01 14:07:58
CVE-2019-10195
2019-11-27 03:17:54
cve
cve
CVE-2019-14867
2019-11-27 09:15:00
CVE-2019-10195
2019-11-27 08:15:00
ubuntucve
ubuntucve
CVE-2019-14867
2019-11-27 00:00:00
CVE-2019-10195
2019-11-27 00:00:00
github
github
Code injection in FreeIPA
2021-12-06 18:17:38
FreeIPA logs passwords embedded in commands in calls using batch
2022-05-24 17:02:16
debiancve
debiancve
CVE-2019-14867
2019-11-27 09:15:00
CVE-2019-10195
2019-11-27 08:15:00
symantec
symantec
FreeIPA CVE-2019-14867 Denial of Service Vulnerability
2019-11-26 00:00:00
FreeIPA CVE-2019-10195 Information Disclosure Vulnerability
2019-11-26 00:00:00
veracode
veracode
Arbitrary Code Execution
2021-12-08 04:56:10
Insertion Of Sensitive Information Into Log File
2024-04-30 08:42:46
prion
prion
Design/Logic Flaw
2019-11-27 09:15:00
Command injection
2019-11-27 08:15:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.1%

JSON
Related for RHSA-2020:0378
fedora2openvas5nessus11oraclelinux1rocky1amazon1altlinux1osv7redhat1redhatcve2cve2ubuntucve2github2debiancve2symantec2veracode2prion2