[SECURITY] Fedora 22 Update: freeipa-4.1.4-1.fc22

IPA is an integrated solution to provide centrally managed Identity machin e, user, virtual machines, groups, authentication credentials, Policy configuration settings, access control information and Audit events, logs, analysis thereof...

RedHat Update for ipa and slapi-nis RHSA-2015:0728-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : ipa and slapi-nis on SL7.x x86_64 (20150326)

The ipa component provides centrally managed Identity, Policy, and Audit. The slapi-nis component provides NIS Server and Schema Compatibility plug- ins for Directory Server. It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling...

RHEL 7 : ipa and slapi-nis (RHSA-2015:0728)

Updated ipa and slapi-nis packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

ipa: memory corruption when using get_user_grouplist()

It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash...

Scientific Linux Security Update : ipa on SL7.x x86_64 (20150305)

Two cross-site scripting XSS flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. CVE-2010-5312, CVE-2012-6662 Note: The IdM version provided by this update...

CentOS 7 : ipa (CESA-2015:0442)

Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

ipa security update

CentOS Errata and Security Advisory CESA-2015:0442 Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabilit...

Oracle Linux 7 : ipa (ELSA-2015-0442)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0442 advisory. - CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges 1165774 - CVE-2014-7828 freeipa: password not required when OTP in use 1160877...

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

[SECURITY] Fedora 21 Update: freeipa-4.1.1-2.fc21

IPA is an integrated solution to provide centrally managed Identity machin e, user, virtual machines, groups, authentication credentials, Policy configuration settings, access control information and Audit events, logs, analysis thereof...

CVE-2014-7248

Cross-site scripting XSS vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file...

CVE-2014-7248

Cross-site scripting XSS vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file...

CVE-2014-7248

CVE-2014-7248 affects IPA iLogScanner 4.0. The vulnerability is a cross-site scripting (CWE-79) flaw in how analysis results are processed/output to HTML, allowing a crafted log entry to inject arbitrary script or HTML into the resulting page. Root cause: improper handling when generating the HTM...

openSUSE Security Update : sssd (openSUSE-SU-2014:1407-1)

sssd was updated to new upstream release 1.12.2 bugfix release, bnc900159 Changes : - Fixed a regression where the IPA provider did not fetch User Private Groups correctly - An important bug in the GPO access control which resulted in a wrong principal being used, was fixed. - Several new options...

[SECURITY] Fedora 21 Update: freeipa-4.1.1-1.fc21

IPA is an integrated solution to provide centrally managed Identity machin e, user, virtual machines, groups, authentication credentials, Policy configuration settings, access control information and Audit events, logs, analysis thereof...

sssd security and bug fix update

1.5.1-70 - Fix IPA provider performance issue when storing large host groups - Resolves: rhbz979047 - sssdbe goes to 99% CPU and causes significant login delays when client is under load 1.5.1-69 - Fix startup with a broken configuration - Resolves: rhbz974036 - sssd core process keeps running...

Oracle Linux 6 : ipa (ELSA-2013-0188)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0188 advisory. 2.2.0-17.el63.1 - Fix changelog issue. The dist tag was in each entry and changing the build release changed history. 878219 2.2.0-17.el63 - Use a secure method...

Oracle Linux 6 : ipa (ELSA-2013-0528)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0528 advisory. - Fix typo in patch 0048 for CVE-2012-5484 878220 - Compliant client side session cookie behavior. CVE-2012-5631. 886371 - Use secure method to retrieve IPA CA...

Oracle Linux 5 : ipa-client (ELSA-2013-0189)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2013-0189 advisory. 2.1.3-5.2 - Add missing man page option --ca-cert-file. 878217 2.1.3-5.1 - Fix python syntax backport issue in CVE patch. 878217 2.1.3-5 - Use secure method to...