[ALSA-2020:4670] Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2020-11-03
Description:
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877) Security Fix(es): * js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) * bootstrap: XSS in the data-target attribute (CVE-2016-10735) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676) * bootstrap: XSS in the affix configuration target property (CVE-2018-20677) * bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) * js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * ipa: No password length restriction leads to denial of service (CVE-2020-1722) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages:
  • python3-qrcode-core-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm
  • python3-custodia-0.6.0-3.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • python3-yubico-1.3.2-9.module_el8.6.0+2737+7e73ea90.noarch.rpm
  • python3-pyusb-1.0.0-9.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • python3-kdcproxy-0.4-5.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • custodia-0.6.0-3.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • python3-qrcode-5.1-12.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • python3-jwcrypto-0.5.0-1.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • python3-pyusb-1.0.0-9.module_el8.6.0+2737+7e73ea90.noarch.rpm
  • python3-yubico-1.3.2-9.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • python3-qrcode-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm
  • python3-jwcrypto-0.5.0-1.module_el8.6.0+2737+7e73ea90.noarch.rpm
  • python3-qrcode-core-5.1-12.module_el8.6.0+2881+2f24dc92.noarch.rpm
  • python3-pyusb-1.0.0-9.module_el8.5.0+2641+983b221b.noarch.rpm
  • python3-yubico-1.3.2-9.module_el8.5.0+2641+983b221b.noarch.rpm
  • python3-jwcrypto-0.5.0-1.module_el8.5.0+2641+983b221b.noarch.rpm
  • python3-qrcode-5.1-12.module_el8.5.0+2641+983b221b.noarch.rpm
  • python3-qrcode-core-5.1-12.module_el8.5.0+2641+983b221b.noarch.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.