Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2015-0442)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123168

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2015-0442)

Zusammenfassung: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-0442 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-0442 advisory.

Vulnerability Insight:
[4.1.0-18.0.1]
- Replace login-screen-logo.png [20362818]
- Drop subscription-manager requires for OL7
- Drop redhat-access-plugin-ipa requires for OL7
- Blank out header-logo.png product-name.png

[4.1.0-18]
- Fix ipa-pwd-extop global configuration caching (#1187342)
- group-detach does not add correct objectclasses (#1187540)

[4.1.0-17]
- Wrong directories created on full restore (#1186398)
- ipa-restore crashes if replica is unreachable (#1186396)
- idoverrideuser-add option --sshpubkey does not work (#1185410)

[4.1.0-16]
- PassSync does not sync passwords due to missing ACIs (#1181093)
- ipa-replica-manage list does not list synced domain (#1181010)
- Do not assume certmonger is running in httpinstance (#1181767)
- ipa-replica-manage disconnect fails without password (#1183279)
- Put LDIF files to their original location in ipa-restore (#1175277)
- DUA profile not available anonymously (#1184149)
- IPA replica missing data after master upgraded (#1176995)

[4.1.0-15]
- Re-add accidentally removed patches for #1170695 and #1164896

[4.1.0-14]
- IPA Replicate creation fails with error 'Update failed! Status: [10 Total
update abortedLDAP error: Referral]' (#1166265)
- running ipa-server-install --setup-dns results in a crash (#1072502)
- DNS zones are not migrated into forward zones if 4.0+ replica is added
(#1175384)
- gid is overridden by uid in default trust view (#1168904)
- When migrating warn user if compat is enabled (#1177133)
- Clean up debug log for trust-add (#1168376)
- No error message thrown on restore(full kind) on replica from full backup
taken on master (#1175287)
- ipa-restore proceed even IPA not configured (#1175326)
- Data replication not working as expected after data restore from full backup
(#1175277)
- IPA externally signed CA cert expiration warning missing from log (#1178128)
- ipa-upgradeconfig fails in CA-less installs (#1181767)
- IPA certs fail to autorenew simultaneously (#1173207)
- More validation required on ipa-restore's options (#1176034)

[4.1.0-13]
- Expand the token auth/sync windows (#919228)
- Access is not rejected for disabled domain (#1172598)
- krb5kdc crash in ldap_pvt_search (#1170695)
- RHEL7.1 IPA server httpd avc denials after upgrade (#1164896)

[4.1.0-12]
- RHEL7.1 ipa-cacert-manage renewed certificate from MS ADCS not compatible
(#1169591)
- CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)
(#1172578)

[4.1.0-11]
- Throw zonemgr error message before installation proceeds (#1163849)
- Winsync: Setup is broken due to incorrect import of certificate (#1169867)
- Enable last token deletion when password auth type is configured (#919228)
- ipa-otp-lasttoken loads all user's tokens on every mod/del (#1166641)
- add --hosts and --hostgroup options to allow/retrieve keytab methods
(#1007367)
- Extend host-show to add the view attribute in set of default attributes
(#1168916)
- Prefer TCP ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ipa' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-5312
1037035
http://www.securitytracker.com/id/1037035
71106
http://www.securityfocus.com/bid/71106
DSA-3249
http://www.debian.org/security/2015/dsa-3249
FEDORA-2022-9d655503ea
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
FEDORA-2022-bf18450366
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
RHSA-2015:0442
http://rhn.redhat.com/errata/RHSA-2015-0442.html
RHSA-2015:1462
http://rhn.redhat.com/errata/RHSA-2015-1462.html
[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0
http://seclists.org/oss-sec/2014/q4/616
[oss-security] 20141114 old CVE assignments for JQuery 1.10.0
http://seclists.org/oss-sec/2014/q4/613
http://bugs.jqueryui.com/ticket/6016
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
https://security.netapp.com/advisory/ntap-20190416-0007/
https://www.drupal.org/sa-core-2022-002
jqueryui-cve20105312-xss(98696)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
Common Vulnerability Exposure (CVE) ID: CVE-2012-6662
BugTraq ID: 71107
http://www.securityfocus.com/bid/71107
https://github.com/jquery/jquery/issues/2432
RedHat Security Advisories: RHSA-2015:0442
RedHat Security Advisories: RHSA-2015:1462
XForce ISS Database: jqueryui-cve20126662-xss(98697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98697

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123168
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-0442)
Zusammenfassung:	The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-0442 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-0442 advisory. Vulnerability Insight: [4.1.0-18.0.1] - Replace login-screen-logo.png [20362818] - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png [4.1.0-18] - Fix ipa-pwd-extop global configuration caching (#1187342) - group-detach does not add correct objectclasses (#1187540) [4.1.0-17] - Wrong directories created on full restore (#1186398) - ipa-restore crashes if replica is unreachable (#1186396) - idoverrideuser-add option --sshpubkey does not work (#1185410) [4.1.0-16] - PassSync does not sync passwords due to missing ACIs (#1181093) - ipa-replica-manage list does not list synced domain (#1181010) - Do not assume certmonger is running in httpinstance (#1181767) - ipa-replica-manage disconnect fails without password (#1183279) - Put LDIF files to their original location in ipa-restore (#1175277) - DUA profile not available anonymously (#1184149) - IPA replica missing data after master upgraded (#1176995) [4.1.0-15] - Re-add accidentally removed patches for #1170695 and #1164896 [4.1.0-14] - IPA Replicate creation fails with error 'Update failed! Status: [10 Total update abortedLDAP error: Referral]' (#1166265) - running ipa-server-install --setup-dns results in a crash (#1072502) - DNS zones are not migrated into forward zones if 4.0+ replica is added (#1175384) - gid is overridden by uid in default trust view (#1168904) - When migrating warn user if compat is enabled (#1177133) - Clean up debug log for trust-add (#1168376) - No error message thrown on restore(full kind) on replica from full backup taken on master (#1175287) - ipa-restore proceed even IPA not configured (#1175326) - Data replication not working as expected after data restore from full backup (#1175277) - IPA externally signed CA cert expiration warning missing from log (#1178128) - ipa-upgradeconfig fails in CA-less installs (#1181767) - IPA certs fail to autorenew simultaneously (#1173207) - More validation required on ipa-restore's options (#1176034) [4.1.0-13] - Expand the token auth/sync windows (#919228) - Access is not rejected for disabled domain (#1172598) - krb5kdc crash in ldap_pvt_search (#1170695) - RHEL7.1 IPA server httpd avc denials after upgrade (#1164896) [4.1.0-12] - RHEL7.1 ipa-cacert-manage renewed certificate from MS ADCS not compatible (#1169591) - CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression) (#1172578) [4.1.0-11] - Throw zonemgr error message before installation proceeds (#1163849) - Winsync: Setup is broken due to incorrect import of certificate (#1169867) - Enable last token deletion when password auth type is configured (#919228) - ipa-otp-lasttoken loads all user's tokens on every mod/del (#1166641) - add --hosts and --hostgroup options to allow/retrieve keytab methods (#1007367) - Extend host-show to add the view attribute in set of default attributes (#1168916) - Prefer TCP ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'ipa' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-5312 1037035 http://www.securitytracker.com/id/1037035 71106 http://www.securityfocus.com/bid/71106 DSA-3249 http://www.debian.org/security/2015/dsa-3249 FEDORA-2022-9d655503ea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ FEDORA-2022-bf18450366 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ RHSA-2015:0442 http://rhn.redhat.com/errata/RHSA-2015-0442.html RHSA-2015:1462 http://rhn.redhat.com/errata/RHSA-2015-1462.html [debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E [oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0 http://seclists.org/oss-sec/2014/q4/616 [oss-security] 20141114 old CVE assignments for JQuery 1.10.0 http://seclists.org/oss-sec/2014/q4/613 http://bugs.jqueryui.com/ticket/6016 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 https://security.netapp.com/advisory/ntap-20190416-0007/ https://www.drupal.org/sa-core-2022-002 jqueryui-cve20105312-xss(98696) https://exchange.xforce.ibmcloud.com/vulnerabilities/98696 Common Vulnerability Exposure (CVE) ID: CVE-2012-6662 BugTraq ID: 71107 http://www.securityfocus.com/bid/71107 https://github.com/jquery/jquery/issues/2432 RedHat Security Advisories: RHSA-2015:0442 RedHat Security Advisories: RHSA-2015:1462 XForce ISS Database: jqueryui-cve20126662-xss(98697) https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
Copyright	Copyright (C) 2015 Greenbone AG