|
|
Subscribe / Log in / New account

Scientific Linux alert SL-ipa-20111206 (ipa)



From:
    	      riehecky@fnal.gov 


To:
    	      scientific-linux-errata@fnal.gov 


Subject:
    	      Security ERRATA Moderate: ipa on SL6.x i386/x86_64 


Date:
    	      Wed, 11 Jan 2012 10:11:56 -0600


Message-ID:
    	      <201201111611.q0BGBuSn017146@fefmon2.fnal.gov>



Synopsis:    Moderate: ipa security and bug fix update
Issue Date:  2011-12-06
CVE Numbers: CVE-2011-3636


This Identity Management Application is a centralized authentication, identity
management and authorization solution for both traditional and cloud based
enterprise environments. It integrates components of the Upstream Directory
Server, MIT Kerberos, the Upstream Certificate System, NTP, and DNS. It provides
web browser and command-line interfaces. Its administration tools allow an
administrator to quickly install, set up, and administer a group of domain
controllers to meet the authentication and identity management requirements
of large scale Linux and UNIX deployments.

A Cross-Site Request Forgery (CSRF) flaw was found in this package.
 If a remote attacker could trick a user, who was logged into
the management web interface, into visiting a specially-crafted URL, the
attacker could perform configuration changes with the privileges of the
logged in user. (CVE-2011-3636)

Due to the changes required to fix CVE-2011-3636, client tools will need to
be updated for client systems to communicate with updated servers. New client
systems will need to have the updated ipa-client package installed to be enrolled. Already enrolled
client systems will need to have the updated certmonger package installed to be able to renew their
system certificate. Note that system
certificates are valid for two years by default.

This update includes several bug fixes. Space precludes documenting all of
these changes in this advisory.

Users of this software should upgrade to these updated packages, which correct
these issues.

A number of additional packages were added to the security repository so
that this package could be installed on older SL systems.

SL6:
  i386
     ipa-admintools-2.1.3-9.el6.i686.rpm
     ipa-client-2.1.3-9.el6.i686.rpm
     ipa-debuginfo-2.1.3-9.el6.i686.rpm
     ipa-python-2.1.3-9.el6.i686.rpm
     ipa-server-2.1.3-9.el6.i686.rpm
     ipa-server-selinux-2.1.3-9.el6.i686.rpm
  x86_64
     ipa-admintools-2.1.3-9.el6.x86_64.rpm
     ipa-client-2.1.3-9.el6.x86_64.rpm
     ipa-debuginfo-2.1.3-9.el6.x86_64.rpm
     ipa-python-2.1.3-9.el6.x86_64.rpm
     ipa-server-2.1.3-9.el6.x86_64.rpm
     ipa-server-selinux-2.1.3-9.el6.x86_64.rpm

- Scientific Linux Development Team
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds