ALSA-2020:4670

[ALSA-2020:4670] Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2022-04-29

Description:

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. 

The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)

Security Fix(es):

* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)

* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

* js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

* ipa: No password length restriction leads to denial of service (CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	python3-pyusb-1.0.0-9.module_el8.5.0+2641+983b221b.noarch.rpm	189f21bf150e0808fb26731066daab3504997a32af09c777a9ab8a60c3a7e4bc
noarch	python3-qrcode-core-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm	35578ad4d8e9a458ca2ef605c6c077adc070a1d606ac1aef6f6755e1ae3b42fe
noarch	python3-custodia-0.6.0-3.module_el8.6.0+2881+2f24dc92.noarch.rpm	416415f024d2f5fd5573a04b9b3d4c4717e07b8f72999773e10bf94d076a7296
noarch	python3-yubico-1.3.2-9.module_el8.5.0+2641+983b221b.noarch.rpm	526042e306058946bfc700ca4369bdadf805e0087599e66d1f3a961f7e3ad761
noarch	python3-yubico-1.3.2-9.module_el8.6.0+2737+7e73ea90.noarch.rpm	6614796eede644eb18cd760f015e82f42c5528713e48418f8ab00e23db77dfe7
noarch	python3-pyusb-1.0.0-9.module_el8.6.0+2881+2f24dc92.noarch.rpm	91f9d74f4e9bf74b56f39b55425730114fcf13c58cd5a6f171fcbcbfd81663ac
noarch	python3-jwcrypto-0.5.0-1.module_el8.5.0+2641+983b221b.noarch.rpm	a12d429d76e9233ef3474ed2ac2d00ce655b24afc8c6efee1fd78f0bd2c91a6e
noarch	python3-kdcproxy-0.4-5.module_el8.6.0+2881+2f24dc92.noarch.rpm	bfd1c254cc3a39ac1a2aba8c812d4d825787211dd75649548e0fcae4397dca2a
noarch	custodia-0.6.0-3.module_el8.6.0+2881+2f24dc92.noarch.rpm	c2ce1591d7ce3710fbdf3aa666fc69e9d06a3e691f36228836771cc64886b772
noarch	python3-qrcode-5.1-12.module_el8.6.0+2881+2f24dc92.noarch.rpm	c73d28b859eb0eb19bfe92368a92f021e46eaf2efbbeb59f41847fba52d0fc1a
noarch	python3-jwcrypto-0.5.0-1.module_el8.6.0+2881+2f24dc92.noarch.rpm	ca523f9f01b596a05df5b18f906a5d72e682a583b6863a36b96236708a62795c
noarch	python3-pyusb-1.0.0-9.module_el8.6.0+2737+7e73ea90.noarch.rpm	ce501350a8cfb378bf3554b396191727a02a32afea640930f05155a7463d066a
noarch	python3-yubico-1.3.2-9.module_el8.6.0+2881+2f24dc92.noarch.rpm	d6f0fd709956e67451adbfc2ec5e9c2d608232b6d90554bef9dbbd62139c2b42
noarch	python3-qrcode-5.1-12.module_el8.5.0+2641+983b221b.noarch.rpm	db1b17845b0906c4bc63e5636505e4dbbcd8738fcd595e098975b7c6ceb71290
noarch	python3-qrcode-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm	e57fed8f11bcb11aa9223888ba486c23bb889553c56a2b08c2549fb7198f9698
noarch	python3-jwcrypto-0.5.0-1.module_el8.6.0+2737+7e73ea90.noarch.rpm	e7181e32732011f2fbe1f8711ac9564db09bafd81b7729a9f619c89bdabab375
noarch	python3-qrcode-core-5.1-12.module_el8.6.0+2881+2f24dc92.noarch.rpm	f187b512f74a200ad6942314e30026325627c5f704061034f121ccaf817522b3
noarch	python3-qrcode-core-5.1-12.module_el8.5.0+2641+983b221b.noarch.rpm	f4d3b15af0280a978c849687da8d65cf041009c73e61c2f90ef7343d12c13861

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.