ALSA-2024:0143

[ALSA-2024:0143] Moderate: idm:DL1 security update

Type:

security

Severity:

moderate

Release date:

2024-01-16

Description:

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. 

Security Fix(es):

* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)
* ipa: Invalid CSRF protection (CVE-2023-5455)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	opendnssec-2.1.7-1.module_el8.6.0+2881+2f24dc92.aarch64.rpm	0e2bba20c6d1a25480f39c6eba0f90c3605a840b4d8a9090685f1895fcbd2cec
aarch64	slapi-nis-0.60.0-4.module_el8.9.0+3682+f63caf3e.alma.1.aarch64.rpm	1150f07e3ab25e176a535f70f909e1d47ce0e9a99b485767bf35ffcc76c34f63
aarch64	ipa-client-epn-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.aarch64.rpm	3a6de1291c801b549c9080fa95c4bfdf4cf713c13dedf767b6c4cdfa88a50b37
aarch64	softhsm-devel-2.6.0-5.module_el8.6.0+2881+2f24dc92.aarch64.rpm	41ccba15598559f2c4ce3d45740d258ac1e4d0de8640d2654774997e3b67e0c5
aarch64	ipa-server-trust-ad-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.aarch64.rpm	5d0d602ad3d2c80965c68d008312506854965b02e1288da8ade574c047c54b94
aarch64	ipa-client-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.aarch64.rpm	78fc727f4f36053e1a03407ff333037e3b25ca8f7e62d38a1661befdadef9dad
aarch64	ipa-client-samba-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.aarch64.rpm	7bf923bf7f3179295533c3d3d834f42af59461fe139eebc738b402d4458208d7
aarch64	bind-dyndb-ldap-11.6-4.module_el8.6.0+3339+9b5fdd22.aarch64.rpm	88eb71488f281dcad90c97b3a51ade6677c094fd25098160bf12c775e68609d4
aarch64	ipa-server-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.aarch64.rpm	9bfdf0e171e062395c5d90984fbc7722b395f248dd688c1ec329e122660fd1ef
aarch64	softhsm-2.6.0-5.module_el8.6.0+2881+2f24dc92.aarch64.rpm	a197e40c5401d2d7385eae40692efb1bf5ff59045f9cf9b24373732010966126
noarch	ipa-server-dns-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	02aacab3782c9a9c5ba6abdae55a7c36a9dd3a1070f797a7a2d54f10d43d9360
noarch	ipa-client-common-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	120ad61b4b5d233e5d11c3b3207a924cd384898ab3906404a47eb5a7c4e2b4d0
noarch	python3-kdcproxy-0.4-5.module_el8.9.0+3682+f63caf3e.noarch.rpm	137e6f0001b74c3f951113e7671782fff79d3d7e1053f7086c3dc5284031f66e
noarch	ipa-healthcheck-0.12-3.module_el8.9.0+3651+d05ea4c5.noarch.rpm	256f632b4bbfcf825ee03e258b1f1cd9f232c910107bcb967a25bb28d768e27f
noarch	python3-ipalib-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	329e7e4a2458c4473548a957349d086286c96671a54dc16920e6720d50a60117
noarch	ipa-common-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	3d07743c7c1a6123b7dbcbbcc148af93702b0a315e3b3bd04bb8cb4409c6e6c6
noarch	python3-custodia-0.6.0-3.module_el8.6.0+2881+2f24dc92.noarch.rpm	416415f024d2f5fd5573a04b9b3d4c4717e07b8f72999773e10bf94d076a7296
noarch	python3-jwcrypto-0.5.0-1.1.module_el8.7.0+3349+cfeff52e.noarch.rpm	42fb4e8b412042e16b9a08a0136e9ff56b8d75a1a0faaa070d1a2fc9b0446296
noarch	python3-pyusb-1.0.0-9.1.module_el8.7.0+3349+cfeff52e.noarch.rpm	5f45866e2459f1c9a0b969263baab4ffed264d2998456658cafd554de6300cfa
noarch	python3-yubico-1.3.2-9.1.module_el8.7.0+3349+cfeff52e.noarch.rpm	68b28b3fb94f5026730feca1a1c3feb64c06ad5601a7cf8befb4e704510edd73
noarch	ipa-healthcheck-core-0.12-3.module_el8.9.0+3651+d05ea4c5.noarch.rpm	6e29224e5e6a92366a33c093fa580ef7885db16383aaca82fa62f0491d7e06e0
noarch	python3-ipatests-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	87fba45c77cb2e826d01920ed9fea96835b5b1e8966f977ddc9cd1f7ba26fcef
noarch	python3-ipaserver-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	882ffe6d9ba3813642ca4978846b8e583ae34c541a50ec6af58b9976d53112de
noarch	ipa-server-common-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	91b6ea49ef7fa0c00067782b007724717d05791704c1ce020f7a3b899f1eb8f8
noarch	python3-ipaclient-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	9599a002c615d04e2922f389a1861c6203d9143ca0f1d3a524412324effce02f
noarch	ipa-selinux-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	b5a23b37b43aa936797449f55043f112caf79270e0dcc8de1c792462e3968277
noarch	custodia-0.6.0-3.module_el8.6.0+2881+2f24dc92.noarch.rpm	c2ce1591d7ce3710fbdf3aa666fc69e9d06a3e691f36228836771cc64886b772
noarch	python3-qrcode-5.1-12.module_el8.6.0+2881+2f24dc92.noarch.rpm	c73d28b859eb0eb19bfe92368a92f021e46eaf2efbbeb59f41847fba52d0fc1a
noarch	ipa-python-compat-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.noarch.rpm	e80d123b9e451e541f8c87e0f9e1a64626e44cc0b17ace078ccf7948d0a52086
noarch	python3-qrcode-core-5.1-12.module_el8.6.0+2881+2f24dc92.noarch.rpm	f187b512f74a200ad6942314e30026325627c5f704061034f121ccaf817522b3
ppc64le	softhsm-devel-2.6.0-5.module_el8.6.0+2881+2f24dc92.ppc64le.rpm	0d565eba7dc881927d07fa580d8bc05ad7a4a8cc82217ef7d98c5f466d7195a1
ppc64le	ipa-client-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.ppc64le.rpm	25931d75dd377a2454bcb4fc4abffce9d354ab59ee9330c49ce32f90993b9d30
ppc64le	slapi-nis-0.60.0-4.module_el8.9.0+3682+f63caf3e.alma.1.ppc64le.rpm	3e1ae56986295783eb6faa033a50b65efbb568e003cc23e847cad9f9256f8ec5
ppc64le	ipa-server-trust-ad-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.ppc64le.rpm	4f70a15511d444e2aeb60887ea160640ac54396ae293a021de1260795c5321ad
ppc64le	bind-dyndb-ldap-11.6-4.module_el8.6.0+3339+9b5fdd22.ppc64le.rpm	82ed6ebdda44deb71f55f24e09d1a87aac3e7e8c9f88d8484ebcb9dbdd87d747
ppc64le	opendnssec-2.1.7-1.module_el8.6.0+2881+2f24dc92.ppc64le.rpm	98bed306d0c04bc91c9b20b938a3001adedda8380971ddf90870cf3902ccf37e
ppc64le	softhsm-2.6.0-5.module_el8.6.0+2881+2f24dc92.ppc64le.rpm	9e7906c48f5b221582d8e4a3ab0400317bacccf5f83827b295c73cc6e75a3dac
ppc64le	ipa-server-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.ppc64le.rpm	b04d1297fbdb017720574f5f7b9dbfaf27c3f8fc2f71020a7926f0cb3a716285
ppc64le	ipa-client-epn-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.ppc64le.rpm	e86ef6bb5112352a93083156f703fe85c5ed4a251769188e4168c23d5780b85f
ppc64le	ipa-client-samba-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.ppc64le.rpm	f777455ae2c297c69d963f1e974b0256a2116a216bd7052086c28d6b227f9df5
s390x	ipa-client-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.s390x.rpm	0c601061a5dc676ea9eddecd73f28e77e81e098a94a8979ff8f13fd77358fdad
s390x	ipa-server-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.s390x.rpm	51b483c1524cf4c315490d22a2877f840ea37e9e75c3cb062426edbdc95de515
s390x	opendnssec-2.1.7-1.module_el8.6.0+3031+2f24dc92.s390x.rpm	70507943973619cb0dcbeacad47947e0edfc24e6bd7cf67323083e2fcb0ea086
s390x	ipa-server-trust-ad-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.s390x.rpm	70728b01304070b6b8c5f1e18a63076f7457b872c45267dc5cdf990610b715be
s390x	ipa-client-epn-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.s390x.rpm	957e603bdd1e2109aebb11c14e0c43356af65c29922ea8474fda093bddd6c343
s390x	softhsm-devel-2.6.0-5.module_el8.6.0+3031+2f24dc92.s390x.rpm	99b0ac3696d5de6fbbd0e2bb5882b9a36feef44b0fcb4f42dd82963f3077f8ab
s390x	bind-dyndb-ldap-11.6-4.module_el8.6.0+3339+9b5fdd22.s390x.rpm	a817713d7704d250c4aa0d8ce2a497506a6717e6714d704b0893d006f3956dd0
s390x	softhsm-2.6.0-5.module_el8.6.0+3031+2f24dc92.s390x.rpm	ad706f5e338373e1c6880dce46ce69f7e82ebf416e464ec0abc5c316b27306a1
s390x	ipa-client-samba-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.s390x.rpm	c7843a78948c28bc3d10d398d02f0ba73f407acd6affcdb91f95848b724bc93a
s390x	slapi-nis-0.60.0-4.module_el8.9.0+3682+f63caf3e.alma.1.s390x.rpm	e283b0e8ad5b99af68c893d6be3fbbf4c283e9b3b845a7fb6ff96e5c75475639
x86_64	opendnssec-2.1.7-1.module_el8.6.0+2881+2f24dc92.x86_64.rpm	1fe673d6d2c3499b5db94d8410ff2d2151e8289777634e839b0095afd19404e6
x86_64	ipa-server-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.x86_64.rpm	4d0cc81725abe995e7ed3b685f8309f2b7d9b563801a5c2658d8628bfcad759c
x86_64	bind-dyndb-ldap-11.6-4.module_el8.6.0+3339+9b5fdd22.x86_64.rpm	4e2c035693bca0948aa7c8307e91bc5711a6e72dda003346ca8903796883ee6e
x86_64	ipa-server-trust-ad-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.x86_64.rpm	710b4c9712155710d7749d35932d574f4e2572d198d3ec442e9d63961073e2e9
x86_64	ipa-client-epn-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.x86_64.rpm	763f808329ca7c40695da6d2a97250f1e3692d6cb80a6458c8ac80c31e36ea70
x86_64	softhsm-2.6.0-5.module_el8.6.0+2881+2f24dc92.x86_64.rpm	811210ae191e3e43bd6c050dc62929aa8ceffa91282ea200b96845b8a1425de2
x86_64	ipa-client-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.x86_64.rpm	9a75281c7493b2c0e5953c8d034564e98a86bf772b729666673f4ed0ce0a0b3a
x86_64	slapi-nis-0.60.0-4.module_el8.9.0+3682+f63caf3e.alma.1.x86_64.rpm	e46d1b7878ccf9ce079d30427616d6bbdfb72296019a40fe991e7108ecd4256c
x86_64	ipa-client-samba-4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1.x86_64.rpm	eb41dd379e4198b6418350cab9f6c6e695a2b07d4123dce586c2361376eecb7d
x86_64	softhsm-devel-2.6.0-5.module_el8.6.0+2881+2f24dc92.x86_64.rpm	f004bec0bb3248d09ad4724c0c8acfc9cc5466028bcd72bb63d52490efb4bfe8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.