Lucene search

CentOS ProjectCESA-2021:5195

HistoryDec 21, 2021 - 9:37 p.m.

ipa, python2 security update

2021-12-2121:37:58

CentOS Project

lists.centos.org

193

red hat identity management

samba ad dc

kerberos tickets

ipa replica

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

CentOS Errata and Security Advisory CESA-2021:5195

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server (BZ#2025848)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-December/086220.html

Affected packages:
ipa-client
ipa-client-common
ipa-common
ipa-python-compat
ipa-server
ipa-server-common
ipa-server-dns
ipa-server-trust-ad
python2-ipaclient
python2-ipalib
python2-ipaserver

Upstream details at:
https://access.redhat.com/errata/RHSA-2021:5195

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64ipa-client< 4.6.8-5.el7.centos.10ipa-client-4.6.8-5.el7.centos.10.x86_64.rpm
CentOS7noarchipa-client-common< 4.6.8-5.el7.centos.10ipa-client-common-4.6.8-5.el7.centos.10.noarch.rpm
CentOS7noarchipa-common< 4.6.8-5.el7.centos.10ipa-common-4.6.8-5.el7.centos.10.noarch.rpm
CentOS7noarchipa-python-compat< 4.6.8-5.el7.centos.10ipa-python-compat-4.6.8-5.el7.centos.10.noarch.rpm
CentOS7x86_64ipa-server< 4.6.8-5.el7.centos.10ipa-server-4.6.8-5.el7.centos.10.x86_64.rpm
CentOS7noarchipa-server-common< 4.6.8-5.el7.centos.10ipa-server-common-4.6.8-5.el7.centos.10.noarch.rpm
CentOS7noarchipa-server-dns< 4.6.8-5.el7.centos.10ipa-server-dns-4.6.8-5.el7.centos.10.noarch.rpm
CentOS7x86_64ipa-server-trust-ad< 4.6.8-5.el7.centos.10ipa-server-trust-ad-4.6.8-5.el7.centos.10.x86_64.rpm
CentOS7noarchpython2-ipaclient< 4.6.8-5.el7.centos.10python2-ipaclient-4.6.8-5.el7.centos.10.noarch.rpm
CentOS7noarchpython2-ipalib< 4.6.8-5.el7.centos.10python2-ipalib-4.6.8-5.el7.centos.10.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	ipa-client	< 4.6.8-5.el7.centos.10	ipa-client-4.6.8-5.el7.centos.10.x86_64.rpm
CentOS	7	noarch	ipa-client-common	< 4.6.8-5.el7.centos.10	ipa-client-common-4.6.8-5.el7.centos.10.noarch.rpm
CentOS	7	noarch	ipa-common	< 4.6.8-5.el7.centos.10	ipa-common-4.6.8-5.el7.centos.10.noarch.rpm
CentOS	7	noarch	ipa-python-compat	< 4.6.8-5.el7.centos.10	ipa-python-compat-4.6.8-5.el7.centos.10.noarch.rpm
CentOS	7	x86_64	ipa-server	< 4.6.8-5.el7.centos.10	ipa-server-4.6.8-5.el7.centos.10.x86_64.rpm
CentOS	7	noarch	ipa-server-common	< 4.6.8-5.el7.centos.10	ipa-server-common-4.6.8-5.el7.centos.10.noarch.rpm
CentOS	7	noarch	ipa-server-dns	< 4.6.8-5.el7.centos.10	ipa-server-dns-4.6.8-5.el7.centos.10.noarch.rpm
CentOS	7	x86_64	ipa-server-trust-ad	< 4.6.8-5.el7.centos.10	ipa-server-trust-ad-4.6.8-5.el7.centos.10.x86_64.rpm
CentOS	7	noarch	python2-ipaclient	< 4.6.8-5.el7.centos.10	python2-ipaclient-4.6.8-5.el7.centos.10.noarch.rpm
CentOS	7	noarch	python2-ipalib	< 4.6.8-5.el7.centos.10	python2-ipalib-4.6.8-5.el7.centos.10.noarch.rpm