
Test ID: 1.3.6.1.4.1.25623.1.0.123168
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2015-0442)
Summary: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-0442 advisory.
Description:
Summary:
The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2015-0442 advisory.

Vulnerability Insight:
[4.1.0-18.0.1]
- Replace login-screen-logo.png [20362818]
- Drop subscription-manager requires for OL7
- Drop redhat-access-plugin-ipa requires for OL7
- Blank out header-logo.png product-name.png

[4.1.0-18]
- Fix ipa-pwd-extop global configuration caching (#1187342)
- group-detach does not add correct objectclasses (#1187540)

[4.1.0-17]
- Wrong directories created on full restore (#1186398)
- ipa-restore crashes if replica is unreachable (#1186396)
- idoverrideuser-add option --sshpubkey does not work (#1185410)

[4.1.0-16]
- PassSync does not sync passwords due to missing ACIs (#1181093)
- ipa-replica-manage list does not list synced domain (#1181010)
- Do not assume certmonger is running in httpinstance (#1181767)
- ipa-replica-manage disconnect fails without password (#1183279)
- Put LDIF files to their original location in ipa-restore (#1175277)
- DUA profile not available anonymously (#1184149)
- IPA replica missing data after master upgraded (#1176995)

[4.1.0-15]
- Re-add accidentally removed patches for #1170695 and #1164896

[4.1.0-14]
- IPA Replicate creation fails with error 'Update failed! Status: [10 Total
update abortedLDAP error: Referral]' (#1166265)
- running ipa-server-install --setup-dns results in a crash (#1072502)
- DNS zones are not migrated into forward zones if 4.0+ replica is added
(#1175384)
- gid is overridden by uid in default trust view (#1168904)
- When migrating warn user if compat is enabled (#1177133)
- Clean up debug log for trust-add (#1168376)
- No error message thrown on restore(full kind) on replica from full backup
taken on master (#1175287)
- ipa-restore proceed even IPA not configured (#1175326)
- Data replication not working as expected after data restore from full backup
(#1175277)
- IPA externally signed CA cert expiration warning missing from log (#1178128)
- ipa-upgradeconfig fails in CA-less installs (#1181767)
- IPA certs fail to autorenew simultaneously (#1173207)
- More validation required on ipa-restore's options (#1176034)

[4.1.0-13]
- Expand the token auth/sync windows (#919228)
- Access is not rejected for disabled domain (#1172598)
- krb5kdc crash in ldap_pvt_search (#1170695)
- RHEL7.1 IPA server httpd avc denials after upgrade (#1164896)

[4.1.0-12]
- RHEL7.1 ipa-cacert-manage renewed certificate from MS ADCS not compatible
(#1169591)
- CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)
(#1172578)

[4.1.0-11]
- Throw zonemgr error message before installation proceeds (#1163849)
- Winsync: Setup is broken due to incorrect import of certificate (#1169867)
- Enable last token deletion when password auth type is configured (#919228)
- ipa-otp-lasttoken loads all user's tokens on every mod/del (#1166641)
- add --hosts and --hostgroup options to allow/retrieve keytab methods
(#1007367)
- Extend host-show to add the view attribute in set of default attributes
(#1168916)
- Prefer TCP ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ipa' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-5312
1037035
http://www.securitytracker.com/id/1037035
71106
http://www.securityfocus.com/bid/71106
DSA-3249
http://www.debian.org/security/2015/dsa-3249
FEDORA-2022-9d655503ea
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
FEDORA-2022-bf18450366
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
RHSA-2015:0442
http://rhn.redhat.com/errata/RHSA-2015-0442.html
RHSA-2015:1462
http://rhn.redhat.com/errata/RHSA-2015-1462.html
[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0
http://seclists.org/oss-sec/2014/q4/616
[oss-security] 20141114 old CVE assignments for JQuery 1.10.0
http://seclists.org/oss-sec/2014/q4/613
http://bugs.jqueryui.com/ticket/6016
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
https://security.netapp.com/advisory/ntap-20190416-0007/
https://www.drupal.org/sa-core-2022-002
jqueryui-cve20105312-xss(98696)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
Common Vulnerability Exposure (CVE) ID: CVE-2012-6662
BugTraq ID: 71107
http://www.securityfocus.com/bid/71107
https://github.com/jquery/jquery/issues/2432
RedHat Security Advisories: RHSA-2015:0442
RedHat Security Advisories: RHSA-2015:1462
XForce ISS Database: jqueryui-cve20126662-xss(98697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
Copyright: Copyright (C) 2015 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.