RHSA-2020:3936: Moderate: ipa security, bug fix, and enhancement update
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)

Security Fix(es):

- js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
- bootstrap: XSS in the data-target attribute (CVE-2016-10735)
- bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
- bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
- bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
- bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
- bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
- js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
- jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)
- ipa: No password length restriction leads to denial of service (CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Frequently Asked Questions
What is the severity of RHSA-2020:3936?
The severity of RHSA-2020:3936 is categorized as important.
How do I fix RHSA-2020:3936?
To fix RHSA-2020:3936, update the affected packages to version 4.6.8-5.el7.
Which packages are affected by RHSA-2020:3936?
The affected packages include ipa, ipa-client, ipa-server, and several others within the IdM suite.
Is RHSA-2020:3936 applicable to all Red Hat systems?
RHSA-2020:3936 specifically applies to Red Hat Enterprise Linux 7 systems using the affected IdM packages.
What impact does RHSA-2020:3936 address?
RHSA-2020:3936 addresses security vulnerabilities in Red Hat Identity Management that may lead to unauthorized access.