CVE-2020-1722 - A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,00

CVE-2020-1722

Summary

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722

Vulnerable Configurations

cpe:2.3:a:freeipa:freeipa:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.0:-:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.0:-:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.0:-:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.0:-:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.7:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.7:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.90:pre1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.90:pre1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.90:pre2:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.6.90:pre2:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.90:pre1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.7.90:pre1:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:freeipa:freeipa:4.8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	5.4 (as of 12-02-2023 - 23:40)
Impact:
Exploitability:

CWE

CWE-400

CAPEC

XML Entity Expansion
An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions. The algorithm builds a finite state machine and based on the input transitions through all the states until the end of the input is reached. NFA engines may evaluate each character in the input string multiple times during the backtracking. The algorithm tries each path through the NFA one by one until a match is found; the malicious input is crafted so every path is tried which results in a failure. Exploitation of the Regex results in programs hanging or taking a very long time to complete. These attacks may target various layers of the Internet due to regular expressions being used in validation.
XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:N/A:C

redhat via4

advisories

bugzilla

id	1842950
title	ipa-adtrust-install fails when replica is offline

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment ipa-client is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936001
comment ipa-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268008

AND

comment ipa-client-common is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936003
comment ipa-client-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268010

AND
comment ipa-common is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936005
comment ipa-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268014

AND

comment ipa-python-compat is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936007
comment ipa-python-compat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268022

AND
comment ipa-server is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936009
comment ipa-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268024

AND

comment ipa-server-common is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936011
comment ipa-server-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268026

AND

comment ipa-server-dns is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936013
comment ipa-server-dns is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268028

AND

comment ipa-server-trust-ad is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936015
comment ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268030

AND

comment python2-ipaclient is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936017
comment python2-ipaclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170001020

AND

comment python2-ipalib is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936019
comment python2-ipalib is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170001022

AND

comment python2-ipaserver is earlier than 0:4.6.8-5.el7
oval oval:com.redhat.rhsa:tst:20203936021
comment python2-ipaserver is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170001024

rhsa

id	RHSA-2020:3936
released	2020-09-29
severity	Moderate
title	RHSA-2020:3936: ipa security, bug fix, and enhancement update (Moderate)

bugzilla

id	1879604
title	pkispawn logs files are empty

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND

comment Module idm:DL1 is enabled
oval oval:com.redhat.rhba:tst:20194268065

AND

comment bind-dyndb-ldap is earlier than 0:11.3-1.module+el8.3.0+6993+104f8db0
oval oval:com.redhat.rhsa:tst:20204670001
comment bind-dyndb-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268002

AND

comment bind-dyndb-ldap-debugsource is earlier than 0:11.3-1.module+el8.3.0+6993+104f8db0
oval oval:com.redhat.rhsa:tst:20204670003
comment bind-dyndb-ldap-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268004

AND

comment custodia is earlier than 0:0.6.0-3.module+el8.1.0+4098+f286395e
oval oval:com.redhat.rhba:tst:20194268005
comment custodia is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268006

AND

comment ipa-client is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670007
comment ipa-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268008

AND

comment ipa-client-common is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670009
comment ipa-client-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268010

AND

comment ipa-client-epn is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670011
comment ipa-client-epn is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204670012

AND

comment ipa-client-samba is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670013
comment ipa-client-samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268012

AND

comment ipa-common is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670015
comment ipa-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268014

AND

comment ipa-debugsource is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670017
comment ipa-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268016

AND

comment ipa-healthcheck is earlier than 0:0.4-6.module+el8.3.0+7710+e2408ce4
oval oval:com.redhat.rhsa:tst:20204670019
comment ipa-healthcheck is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268018

AND

comment ipa-healthcheck-core is earlier than 0:0.4-6.module+el8.3.0+7710+e2408ce4
oval oval:com.redhat.rhsa:tst:20204670021
comment ipa-healthcheck-core is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204670022

AND

comment ipa-python-compat is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670023
comment ipa-python-compat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268022

AND

comment ipa-selinux is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670025
comment ipa-selinux is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204670026

AND

comment ipa-server is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670027
comment ipa-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268024

AND

comment ipa-server-common is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670029
comment ipa-server-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268026

AND

comment ipa-server-dns is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670031
comment ipa-server-dns is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268028

AND

comment ipa-server-trust-ad is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670033
comment ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268030

AND

comment opendnssec is earlier than 0:2.1.6-2.module+el8.3.0+6580+328a3362
oval oval:com.redhat.rhsa:tst:20204670035
comment opendnssec is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268032

AND

comment opendnssec-debugsource is earlier than 0:2.1.6-2.module+el8.3.0+6580+328a3362
oval oval:com.redhat.rhsa:tst:20204670037
comment opendnssec-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268034

AND

comment python3-custodia is earlier than 0:0.6.0-3.module+el8.1.0+4098+f286395e
oval oval:com.redhat.rhba:tst:20194268035
comment python3-custodia is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268036

AND

comment python3-ipaclient is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670041
comment python3-ipaclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268038

AND

comment python3-ipalib is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670043
comment python3-ipalib is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268040

AND

comment python3-ipaserver is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670045
comment python3-ipaserver is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268042

AND

comment python3-jwcrypto is earlier than 0:0.5.0-1.module+el8.1.0+4098+f286395e
oval oval:com.redhat.rhba:tst:20194268043
comment python3-jwcrypto is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268044

AND

comment python3-kdcproxy is earlier than 0:0.4-5.module+el8.2.0+4691+a05b2456
oval oval:com.redhat.rhsa:tst:20204670049
comment python3-kdcproxy is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268046

AND

comment python3-pyusb is earlier than 0:1.0.0-9.module+el8.1.0+4098+f286395e
oval oval:com.redhat.rhba:tst:20194268047
comment python3-pyusb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268048

AND

comment python3-qrcode is earlier than 0:5.1-12.module+el8.1.0+4098+f286395e
oval oval:com.redhat.rhba:tst:20194268049
comment python3-qrcode is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268050

AND

comment python3-qrcode-core is earlier than 0:5.1-12.module+el8.1.0+4098+f286395e
oval oval:com.redhat.rhba:tst:20194268051
comment python3-qrcode-core is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268052

AND

comment python3-yubico is earlier than 0:1.3.2-9.module+el8.1.0+4098+f286395e
oval oval:com.redhat.rhba:tst:20194268053
comment python3-yubico is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268054

AND

comment slapi-nis is earlier than 0:0.56.5-4.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670059
comment slapi-nis is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268056

AND

comment slapi-nis-debugsource is earlier than 0:0.56.5-4.module+el8.3.0+8222+c1bff54a
oval oval:com.redhat.rhsa:tst:20204670061
comment slapi-nis-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268058

AND

comment softhsm is earlier than 0:2.6.0-3.module+el8.3.0+6909+fb33717d
oval oval:com.redhat.rhsa:tst:20204670063
comment softhsm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268060

AND

comment softhsm-debugsource is earlier than 0:2.6.0-3.module+el8.3.0+6909+fb33717d
oval oval:com.redhat.rhsa:tst:20204670065
comment softhsm-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268062

AND

comment softhsm-devel is earlier than 0:2.6.0-3.module+el8.3.0+6909+fb33717d
oval oval:com.redhat.rhsa:tst:20204670067
comment softhsm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268064

AND

comment Module idm:client is enabled
oval oval:com.redhat.rhsa:tst:20204670086

AND

comment ipa-client is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670070
comment ipa-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268008

AND

comment ipa-client-common is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670071
comment ipa-client-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268010

AND

comment ipa-client-epn is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670072
comment ipa-client-epn is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204670012

AND

comment ipa-client-samba is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670073
comment ipa-client-samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268012

AND

comment ipa-common is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670074
comment ipa-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268014

AND

comment ipa-debugsource is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670075
comment ipa-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268016

AND

comment ipa-healthcheck-core is earlier than 0:0.4-6.module+el8.3.0+7711+c4441980
oval oval:com.redhat.rhsa:tst:20204670076
comment ipa-healthcheck-core is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204670022

AND

comment ipa-python-compat is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670077
comment ipa-python-compat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268022

AND

comment ipa-selinux is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670078
comment ipa-selinux is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204670026

AND

comment python3-ipaclient is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670079
comment python3-ipaclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268038

AND

comment python3-ipalib is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
oval oval:com.redhat.rhsa:tst:20204670080
comment python3-ipalib is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268040

AND

comment python3-jwcrypto is earlier than 0:0.5.0-1.module+el8.1.0+4107+4a66eb87
oval oval:com.redhat.rhsa:tst:20204670081
comment python3-jwcrypto is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268044

AND

comment python3-pyusb is earlier than 0:1.0.0-9.module+el8.1.0+4107+4a66eb87
oval oval:com.redhat.rhsa:tst:20204670082
comment python3-pyusb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268048

AND

comment python3-qrcode is earlier than 0:5.1-12.module+el8.1.0+4107+4a66eb87
oval oval:com.redhat.rhsa:tst:20204670083
comment python3-qrcode is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268050

AND

comment python3-qrcode-core is earlier than 0:5.1-12.module+el8.1.0+4107+4a66eb87
oval oval:com.redhat.rhsa:tst:20204670084
comment python3-qrcode-core is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268052

AND

comment python3-yubico is earlier than 0:1.3.2-9.module+el8.1.0+4107+4a66eb87
oval oval:com.redhat.rhsa:tst:20204670085
comment python3-yubico is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20194268054

rhsa

id	RHSA-2020:4670
released	2020-11-04
severity	Moderate
title	RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate)

rpms

ipa-client-0:4.6.8-5.el7
ipa-client-common-0:4.6.8-5.el7
ipa-common-0:4.6.8-5.el7
ipa-debuginfo-0:4.6.8-5.el7
ipa-python-compat-0:4.6.8-5.el7
ipa-server-0:4.6.8-5.el7
ipa-server-common-0:4.6.8-5.el7
ipa-server-dns-0:4.6.8-5.el7
ipa-server-trust-ad-0:4.6.8-5.el7
python2-ipaclient-0:4.6.8-5.el7
python2-ipalib-0:4.6.8-5.el7
python2-ipaserver-0:4.6.8-5.el7
bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0
bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0
bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0
custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e
ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4
ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4
ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980
ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f
ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362
opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362
opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362
python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e
python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f
python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f
python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e
python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87
python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456
python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e
python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87
python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e
python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87
python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e
python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87
python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e
python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87
slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a
slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a
slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a
softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d
softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d
softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d
softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d

refmap via4

confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722

Last major update

12-02-2023 - 23:40

Published

27-04-2020 - 21:15

Last modified

12-02-2023 - 23:40