RHSA-2021:0860: Moderate: ipa security and bug fix update
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):
- jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
- cannot issue certs with multiple IP addresses corresponding to different hosts (BZ#1846349)
- CA-less install does not set required permissions on KDC certificate (BZ#1863619)
- IdM Web UI shows users as disabled (BZ#1884819)
- Authentication and login times are over several seconds due to unindexed ipaExternalMember (BZ#1892793)
- improve IPA PKI subsystem detection by other means than a directory presence, use pki-server subsystem-find (BZ#1895197)
- IPA WebUI inaccessible after upgrading to RHEL 8.3 - idoverride-memberof.js missing (BZ#1897253)
Frequently Asked Questions
What is the severity of RHSA-2021:0860?
RHSA-2021:0860 is rated as a moderate severity advisory.
How do I fix RHSA-2021:0860?
To fix RHSA-2021:0860, upgrade the affected packages to version 4.6.8-5.el7_9.4 or later.
Which packages are affected by RHSA-2021:0860?
Affected packages for RHSA-2021:0860 include ipa, ipa-client, ipa-common, ipa-server, and several others.
What type of vulnerability is addressed in RHSA-2021:0860?
RHSA-2021:0860 addresses a jQuery vulnerability (CVE-2020-11023) in which passing HTML containing <option> elements to manipulation methods could result in untrusted code execution.
Is RHSA-2021:0860 applicable to both traditional and cloud environments?
Yes, RHSA-2021:0860 is applicable to both traditional and cloud-based enterprise environments using Red Hat Identity Management.
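To check a package inventory against the fixed version given above, the following added example (not part of the advisory or any Red Hat tooling) flags listed packages older than 4.6.8-5.el7_9.4. It assumes input in the form `name version-release`, uses a simplified RPM-style comparison without epoch, `~` or `^` handling, and runs on constructed sample data.

```python
import re

FIXED = "4.6.8-5.el7_9.4"  # fixed version-release stated in the FAQ above
# Only the package names the page lists; it says there are "several others".
PKGS = {"ipa", "ipa-client", "ipa-common", "ipa-server"}

def vercmp(a, b):
    """Simplified rpmvercmp: compare digit/letter segments left to right."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments are newer

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_lines):
    """Return [(name, version-release)] for listed packages older than FIXED."""
    out = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PKGS and evr_cmp(parts[1], FIXED) < 0:
            out.append(tuple(parts))
    return out

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
ipa-server 4.6.8-5.el7_9.3
ipa-client 4.6.8-5.el7_9.4
ipa-common 4.6.6-11.el7
bash 4.2.46-34.el7
"""

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED}")
```

On a live host the package manager's own comparison is authoritative; this is for auditing exported inventories offline.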