ID CVE-2020-1722
Summary A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU, leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.
Vulnerable Configurations
  • cpe:2.3:a:freeipa:freeipa:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.2.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.4.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.90:pre1:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.6.90:pre2:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.7.90:pre1:*:*:*:*:*:*
  • cpe:2.3:a:freeipa:freeipa:4.8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.4 (as of 26-05-2020 - 15:12)
Impact:
Exploitability:
CWE CWE-400
CAPEC
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Regular Expression Exponential Blowup
    An adversary may execute an attack on a program that uses a poor Regular Expression (Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton (NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions. The algorithm builds a finite state machine and based on the input transitions through all the states until the end of the input is reached. NFA engines may evaluate each character in the input string multiple times during the backtracking. The algorithm tries each path through the NFA one by one until a match is found; the malicious input is crafted so every path is tried which results in a failure. Exploitation of the Regex results in programs hanging or taking a very long time to complete. These attacks may target various layers of the Internet due to regular expressions being used in validation.
  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • bugzilla
    id 1842950
    title ipa-adtrust-install fails when replica is offline
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment ipa-client is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936001
          • comment ipa-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268008
        • AND
          • comment ipa-client-common is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936003
          • comment ipa-client-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268010
        • AND
          • comment ipa-common is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936005
          • comment ipa-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268014
        • AND
          • comment ipa-python-compat is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936007
          • comment ipa-python-compat is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268022
        • AND
          • comment ipa-server is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936009
          • comment ipa-server is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268024
        • AND
          • comment ipa-server-common is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936011
          • comment ipa-server-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268026
        • AND
          • comment ipa-server-dns is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936013
          • comment ipa-server-dns is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268028
        • AND
          • comment ipa-server-trust-ad is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936015
          • comment ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20194268030
        • AND
          • comment python2-ipaclient is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936017
          • comment python2-ipaclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170001020
        • AND
          • comment python2-ipalib is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936019
          • comment python2-ipalib is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170001022
        • AND
          • comment python2-ipaserver is earlier than 0:4.6.8-5.el7
            oval oval:com.redhat.rhsa:tst:20203936021
          • comment python2-ipaserver is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170001024
    rhsa
    id RHSA-2020:3936
    released 2020-09-29
    severity Moderate
    title RHSA-2020:3936: ipa security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1879604
    title pkispawn logs files are empty
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment Module idm:DL1 is enabled
            oval oval:com.redhat.rhba:tst:20194268065
          • OR
            • AND
              • comment bind-dyndb-ldap is earlier than 0:11.3-1.module+el8.3.0+6993+104f8db0
                oval oval:com.redhat.rhsa:tst:20204670001
              • comment bind-dyndb-ldap is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268002
            • AND
              • comment bind-dyndb-ldap-debugsource is earlier than 0:11.3-1.module+el8.3.0+6993+104f8db0
                oval oval:com.redhat.rhsa:tst:20204670003
              • comment bind-dyndb-ldap-debugsource is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268004
            • AND
              • comment custodia is earlier than 0:0.6.0-3.module+el8.1.0+4098+f286395e
                oval oval:com.redhat.rhba:tst:20194268005
              • comment custodia is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268006
            • AND
              • comment ipa-client is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670007
              • comment ipa-client is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268008
            • AND
              • comment ipa-client-common is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670009
              • comment ipa-client-common is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268010
            • AND
              • comment ipa-client-epn is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670011
              • comment ipa-client-epn is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhsa:tst:20204670012
            • AND
              • comment ipa-client-samba is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670013
              • comment ipa-client-samba is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268012
            • AND
              • comment ipa-common is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670015
              • comment ipa-common is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268014
            • AND
              • comment ipa-debugsource is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670017
              • comment ipa-debugsource is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268016
            • AND
              • comment ipa-healthcheck is earlier than 0:0.4-6.module+el8.3.0+7710+e2408ce4
                oval oval:com.redhat.rhsa:tst:20204670019
              • comment ipa-healthcheck is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268018
            • AND
              • comment ipa-healthcheck-core is earlier than 0:0.4-6.module+el8.3.0+7710+e2408ce4
                oval oval:com.redhat.rhsa:tst:20204670021
              • comment ipa-healthcheck-core is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhsa:tst:20204670022
            • AND
              • comment ipa-python-compat is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670023
              • comment ipa-python-compat is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268022
            • AND
              • comment ipa-selinux is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670025
              • comment ipa-selinux is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhsa:tst:20204670026
            • AND
              • comment ipa-server is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670027
              • comment ipa-server is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268024
            • AND
              • comment ipa-server-common is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670029
              • comment ipa-server-common is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268026
            • AND
              • comment ipa-server-dns is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670031
              • comment ipa-server-dns is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268028
            • AND
              • comment ipa-server-trust-ad is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670033
              • comment ipa-server-trust-ad is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268030
            • AND
              • comment opendnssec is earlier than 0:2.1.6-2.module+el8.3.0+6580+328a3362
                oval oval:com.redhat.rhsa:tst:20204670035
              • comment opendnssec is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268032
            • AND
              • comment opendnssec-debugsource is earlier than 0:2.1.6-2.module+el8.3.0+6580+328a3362
                oval oval:com.redhat.rhsa:tst:20204670037
              • comment opendnssec-debugsource is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268034
            • AND
              • comment python3-custodia is earlier than 0:0.6.0-3.module+el8.1.0+4098+f286395e
                oval oval:com.redhat.rhba:tst:20194268035
              • comment python3-custodia is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268036
            • AND
              • comment python3-ipaclient is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670041
              • comment python3-ipaclient is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268038
            • AND
              • comment python3-ipalib is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670043
              • comment python3-ipalib is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268040
            • AND
              • comment python3-ipaserver is earlier than 0:4.8.7-12.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670045
              • comment python3-ipaserver is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268042
            • AND
              • comment python3-jwcrypto is earlier than 0:0.5.0-1.module+el8.1.0+4098+f286395e
                oval oval:com.redhat.rhba:tst:20194268043
              • comment python3-jwcrypto is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268044
            • AND
              • comment python3-kdcproxy is earlier than 0:0.4-5.module+el8.2.0+4691+a05b2456
                oval oval:com.redhat.rhsa:tst:20204670049
              • comment python3-kdcproxy is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268046
            • AND
              • comment python3-pyusb is earlier than 0:1.0.0-9.module+el8.1.0+4098+f286395e
                oval oval:com.redhat.rhba:tst:20194268047
              • comment python3-pyusb is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268048
            • AND
              • comment python3-qrcode is earlier than 0:5.1-12.module+el8.1.0+4098+f286395e
                oval oval:com.redhat.rhba:tst:20194268049
              • comment python3-qrcode is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268050
            • AND
              • comment python3-qrcode-core is earlier than 0:5.1-12.module+el8.1.0+4098+f286395e
                oval oval:com.redhat.rhba:tst:20194268051
              • comment python3-qrcode-core is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268052
            • AND
              • comment python3-yubico is earlier than 0:1.3.2-9.module+el8.1.0+4098+f286395e
                oval oval:com.redhat.rhba:tst:20194268053
              • comment python3-yubico is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268054
            • AND
              • comment slapi-nis is earlier than 0:0.56.5-4.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670059
              • comment slapi-nis is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268056
            • AND
              • comment slapi-nis-debugsource is earlier than 0:0.56.5-4.module+el8.3.0+8222+c1bff54a
                oval oval:com.redhat.rhsa:tst:20204670061
              • comment slapi-nis-debugsource is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268058
            • AND
              • comment softhsm is earlier than 0:2.6.0-3.module+el8.3.0+6909+fb33717d
                oval oval:com.redhat.rhsa:tst:20204670063
              • comment softhsm is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268060
            • AND
              • comment softhsm-debugsource is earlier than 0:2.6.0-3.module+el8.3.0+6909+fb33717d
                oval oval:com.redhat.rhsa:tst:20204670065
              • comment softhsm-debugsource is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268062
            • AND
              • comment softhsm-devel is earlier than 0:2.6.0-3.module+el8.3.0+6909+fb33717d
                oval oval:com.redhat.rhsa:tst:20204670067
              • comment softhsm-devel is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268064
        • AND
          • comment Module idm:client is enabled
            oval oval:com.redhat.rhsa:tst:20204670086
          • OR
            • AND
              • comment ipa-client is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670070
              • comment ipa-client is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268008
            • AND
              • comment ipa-client-common is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670071
              • comment ipa-client-common is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268010
            • AND
              • comment ipa-client-epn is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670072
              • comment ipa-client-epn is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhsa:tst:20204670012
            • AND
              • comment ipa-client-samba is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670073
              • comment ipa-client-samba is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268012
            • AND
              • comment ipa-common is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670074
              • comment ipa-common is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268014
            • AND
              • comment ipa-debugsource is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670075
              • comment ipa-debugsource is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268016
            • AND
              • comment ipa-healthcheck-core is earlier than 0:0.4-6.module+el8.3.0+7711+c4441980
                oval oval:com.redhat.rhsa:tst:20204670076
              • comment ipa-healthcheck-core is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhsa:tst:20204670022
            • AND
              • comment ipa-python-compat is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670077
              • comment ipa-python-compat is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268022
            • AND
              • comment ipa-selinux is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670078
              • comment ipa-selinux is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhsa:tst:20204670026
            • AND
              • comment python3-ipaclient is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670079
              • comment python3-ipaclient is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268038
            • AND
              • comment python3-ipalib is earlier than 0:4.8.7-12.module+el8.3.0+8223+6212645f
                oval oval:com.redhat.rhsa:tst:20204670080
              • comment python3-ipalib is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268040
            • AND
              • comment python3-jwcrypto is earlier than 0:0.5.0-1.module+el8.1.0+4107+4a66eb87
                oval oval:com.redhat.rhsa:tst:20204670081
              • comment python3-jwcrypto is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268044
            • AND
              • comment python3-pyusb is earlier than 0:1.0.0-9.module+el8.1.0+4107+4a66eb87
                oval oval:com.redhat.rhsa:tst:20204670082
              • comment python3-pyusb is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268048
            • AND
              • comment python3-qrcode is earlier than 0:5.1-12.module+el8.1.0+4107+4a66eb87
                oval oval:com.redhat.rhsa:tst:20204670083
              • comment python3-qrcode is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268050
            • AND
              • comment python3-qrcode-core is earlier than 0:5.1-12.module+el8.1.0+4107+4a66eb87
                oval oval:com.redhat.rhsa:tst:20204670084
              • comment python3-qrcode-core is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268052
            • AND
              • comment python3-yubico is earlier than 0:1.3.2-9.module+el8.1.0+4107+4a66eb87
                oval oval:com.redhat.rhsa:tst:20204670085
              • comment python3-yubico is signed with Red Hat redhatrelease2 key
                oval oval:com.redhat.rhba:tst:20194268054
    rhsa
    id RHSA-2020:4670
    released 2020-11-04
    severity Moderate
    title RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate)
rpms
  • ipa-client-0:4.6.8-5.el7
  • ipa-client-common-0:4.6.8-5.el7
  • ipa-common-0:4.6.8-5.el7
  • ipa-debuginfo-0:4.6.8-5.el7
  • ipa-python-compat-0:4.6.8-5.el7
  • ipa-server-0:4.6.8-5.el7
  • ipa-server-common-0:4.6.8-5.el7
  • ipa-server-dns-0:4.6.8-5.el7
  • ipa-server-trust-ad-0:4.6.8-5.el7
  • python2-ipaclient-0:4.6.8-5.el7
  • python2-ipalib-0:4.6.8-5.el7
  • python2-ipaserver-0:4.6.8-5.el7
  • bind-dyndb-ldap-0:11.3-1.module+el8.3.0+6993+104f8db0
  • bind-dyndb-ldap-debuginfo-0:11.3-1.module+el8.3.0+6993+104f8db0
  • bind-dyndb-ldap-debugsource-0:11.3-1.module+el8.3.0+6993+104f8db0
  • custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e
  • ipa-client-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-client-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-client-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-client-common-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-client-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-client-epn-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-client-epn-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-client-samba-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-client-samba-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-common-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-debuginfo-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-debugsource-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-debugsource-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-healthcheck-0:0.4-6.module+el8.3.0+7710+e2408ce4
  • ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7710+e2408ce4
  • ipa-healthcheck-core-0:0.4-6.module+el8.3.0+7711+c4441980
  • ipa-python-compat-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-python-compat-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-selinux-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-selinux-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • ipa-server-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-server-common-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-server-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-server-dns-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-server-trust-ad-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • ipa-server-trust-ad-debuginfo-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • opendnssec-0:2.1.6-2.module+el8.3.0+6580+328a3362
  • opendnssec-debuginfo-0:2.1.6-2.module+el8.3.0+6580+328a3362
  • opendnssec-debugsource-0:2.1.6-2.module+el8.3.0+6580+328a3362
  • python3-custodia-0:0.6.0-3.module+el8.1.0+4098+f286395e
  • python3-ipaclient-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • python3-ipaclient-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • python3-ipalib-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • python3-ipalib-0:4.8.7-12.module+el8.3.0+8223+6212645f
  • python3-ipaserver-0:4.8.7-12.module+el8.3.0+8222+c1bff54a
  • python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4098+f286395e
  • python3-jwcrypto-0:0.5.0-1.module+el8.1.0+4107+4a66eb87
  • python3-kdcproxy-0:0.4-5.module+el8.2.0+4691+a05b2456
  • python3-pyusb-0:1.0.0-9.module+el8.1.0+4098+f286395e
  • python3-pyusb-0:1.0.0-9.module+el8.1.0+4107+4a66eb87
  • python3-qrcode-0:5.1-12.module+el8.1.0+4098+f286395e
  • python3-qrcode-0:5.1-12.module+el8.1.0+4107+4a66eb87
  • python3-qrcode-core-0:5.1-12.module+el8.1.0+4098+f286395e
  • python3-qrcode-core-0:5.1-12.module+el8.1.0+4107+4a66eb87
  • python3-yubico-0:1.3.2-9.module+el8.1.0+4098+f286395e
  • python3-yubico-0:1.3.2-9.module+el8.1.0+4107+4a66eb87
  • slapi-nis-0:0.56.5-4.module+el8.3.0+8222+c1bff54a
  • slapi-nis-debuginfo-0:0.56.5-4.module+el8.3.0+8222+c1bff54a
  • slapi-nis-debugsource-0:0.56.5-4.module+el8.3.0+8222+c1bff54a
  • softhsm-0:2.6.0-3.module+el8.3.0+6909+fb33717d
  • softhsm-debuginfo-0:2.6.0-3.module+el8.3.0+6909+fb33717d
  • softhsm-debugsource-0:2.6.0-3.module+el8.3.0+6909+fb33717d
  • softhsm-devel-0:2.6.0-3.module+el8.3.0+6909+fb33717d
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722
Last major update 26-05-2020 - 15:12
Published 27-04-2020 - 21:15
Last modified 26-05-2020 - 15:12