-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ipa security and bug fix update Advisory ID: RHSA-2021:5195-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:5195 Issue date: 2021-12-16 CVE Names: CVE-2020-25719 ==================================================================== 1. Summary: An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server (BZ#2025848) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets 2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ipa-4.6.8-5.el7_9.10.src.rpm noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm x86_64: ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ipa-4.6.8-5.el7_9.10.src.rpm noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm x86_64: ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ipa-4.6.8-5.el7_9.10.src.rpm noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm ppc64: ipa-client-4.6.8-5.el7_9.10.ppc64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.ppc64.rpm ppc64le: ipa-client-4.6.8-5.el7_9.10.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7_9.10.ppc64le.rpm s390x: ipa-client-4.6.8-5.el7_9.10.s390x.rpm ipa-debuginfo-4.6.8-5.el7_9.10.s390x.rpm x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ipa-4.6.8-5.el7_9.10.src.rpm noarch: ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm ipa-common-4.6.8-5.el7_9.10.noarch.rpm ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm x86_64: ipa-client-4.6.8-5.el7_9.10.x86_64.rpm ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-4.6.8-5.el7_9.10.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25719 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYbuXktzjgjWX9erEAQhRFg//ai599K6l5ZrwKPruBlWybmcdbDOw+CzK k7+5mVr0v1li6SuurKGOJsEP8GEmKO2tz1qxPJJxbF//LUdDoFaeNqUFTa1KO1cW vFB0l6/fsOuSpidBhD/MJaeFp+xCeRfCElHz76h/YaTHPTskR1cwDgQhME72OER5 aoixDr/Grua9BI4RfefSpbilSPpIvI3SA41pYGWpSfypjCgysOpzAw8bwe/dq4L9 bKRs+ha3AVT1SduEOKMADhzeZqF9XcptwPLfHLcsF+SY7jvfFMNz+E5qRBQFdSwo 4yvTpMF5LMv52ua7zpceOBVKdb90/C3eKBK4mpzMhAUrA6Abkckcc2VnQEiXh/J8 GBgXfxUdBbafXK8OOI+EX0hh9oubiAXCloCL1zRyQUgdqrvC+Cz81cOE1pU2p28V nTMFOw9b0aHDgRK0hvXdhKS4DfAXO0Vcb/vzZNSrOAvhF7A4T7Fseq0RizPmMtSJ zZEgYgk0C1asTqfyYKDsAEK4MZiNhsPPJXicto0+u88FIccmtiYGc7883Ve3CyUk AlP3wpj1M6FTWrxNxXpQHvL4Gm0D3qDtMmZ2PJdAKMekaiIqtxXX7RBkTK41A4rJ sepnnS+Nkp+q8oiSLtVnBfj9HAJm6vyAotLcvMU6l4GTKg+ZTsoMs1ildIjaRqH2 VjAgIqLSd+A=br8L -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce