Test ID:	1.3.6.1.4.1.25623.1.0.871399
Category:	Red Hat Local Security Checks
Title:	RedHat Update for ipa RHSA-2015:1462-01
Summary:	The remote host is missing an update for the 'ipa'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'ipa' package(s) announced via the referenced advisory. Vulnerability Insight: Two cross-site scripting (XSS) flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. (CVE-2010-5312, CVE-2012-6662) Note: The IdM version provided by this update no longer uses jQuery. Bug fixes: * The ipa-server-install, ipa-replica-install, and ipa-client-install utilities are not supported on machines running in FIPS-140 mode. Previously, IdM did not warn users about this. Now, IdM does not allow running the utilities in FIPS-140 mode, and displays an explanatory message. (BZ#1131571) * If an Active Directory (AD) server was specified or discovered automatically when running the ipa-client-install utility, the utility produced a traceback instead of informing the user that an IdM server is expected in this situation. Now, ipa-client-install detects the AD server and fails with an explanatory message. (BZ#1132261) * When IdM servers were configured to require the TLS protocol version 1.1 (TLSv1.1) or later in the httpd server, the ipa utility failed. With this update, running ipa works as expected with TLSv1.1 or later. (BZ#1154687) * In certain high-load environments, the Kerberos authentication step of the IdM client installer can fail. Previously, the entire client installation failed in this situation. This update modifies ipa-client-install to prefer the TCP protocol over the UDP protocol and to retry the authentication attempt in case of failure. (BZ#1161722) * If ipa-client-install updated or created the /etc/nsswitch.conf file, the sudo utility could terminate unexpectedly with a segmentation fault. Now, ipa-client-install puts a new line character at the end of nsswitch.conf if it modifies the last line of the file, fixing this bug. (BZ#1185207) * The ipa-client-automount utility failed with the 'UNWILLING_TO_PERFORM' LDAP error when the nsslapd-minssf Red Hat Directory Server configuration parameter was set to '1'. This update modifies ipa-client-automount to use encrypted connection for LDAP searches by default, and the utility now finishes successfully even with nsslapd-minssf specified. (BZ#1191040) * If installing an IdM server failed after the Certificate Authority (CA) installation, the 'ipa-server-install --uninstall' command did not perform a proper cleanup. After the user issued 'ipa-server-install --uninstall' and then attempted to install the server again, the installation failed. Now, 'ipa-server-install --uninst ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: ipa on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-5312 1037035 http://www.securitytracker.com/id/1037035 71106 http://www.securityfocus.com/bid/71106 DSA-3249 http://www.debian.org/security/2015/dsa-3249 FEDORA-2022-9d655503ea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/ FEDORA-2022-bf18450366 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/ RHSA-2015:0442 http://rhn.redhat.com/errata/RHSA-2015-0442.html RHSA-2015:1462 http://rhn.redhat.com/errata/RHSA-2015-1462.html [debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E [oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0 http://seclists.org/oss-sec/2014/q4/616 [oss-security] 20141114 old CVE assignments for JQuery 1.10.0 http://seclists.org/oss-sec/2014/q4/613 http://bugs.jqueryui.com/ticket/6016 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 https://security.netapp.com/advisory/ntap-20190416-0007/ https://www.drupal.org/sa-core-2022-002 jqueryui-cve20105312-xss(98696) https://exchange.xforce.ibmcloud.com/vulnerabilities/98696 Common Vulnerability Exposure (CVE) ID: CVE-2012-6662 BugTraq ID: 71107 http://www.securityfocus.com/bid/71107 https://github.com/jquery/jquery/issues/2432 RedHat Security Advisories: RHSA-2015:0442 RedHat Security Advisories: RHSA-2015:1462 XForce ISS Database: jqueryui-cve20126662-xss(98697) https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.