RLSA-2020:4670

Source
https://errata.rockylinux.org/RLSA-2020:4670
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2020:4670.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2020:4670
Related
Published
2020-11-03T12:25:36Z
Modified
2023-02-02T13:09:03.424700Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Details

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)

Security Fix(es):

  • js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

  • bootstrap: XSS in the data-target attribute (CVE-2016-10735)

  • bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

  • bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

  • bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

  • bootstrap: XSS in the affix configuration target property (CVE-2018-20677)

  • bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

  • js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

  • jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

  • ipa: No password length restriction leads to denial of service (CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / custodia

Package

Name
custodia
Purl
pkg:rpm/rocky-linux/custodia?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.6.0-3.module+el8.4.0+429+6bd33fea

Rocky Linux:8 / python-jwcrypto

Package

Name
python-jwcrypto
Purl
pkg:rpm/rocky-linux/python-jwcrypto?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.5.0-1.module+el8.4.0+429+6bd33fea

Rocky Linux:8 / python-jwcrypto

Package

Name
python-jwcrypto
Purl
pkg:rpm/rocky-linux/python-jwcrypto?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.5.0-1.1.module+el8.7.0+1074+aae18f3a

Rocky Linux:8 / python-kdcproxy

Package

Name
python-kdcproxy
Purl
pkg:rpm/rocky-linux/python-kdcproxy?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.4-5.module+el8.3.0+244+0b2ae752

Rocky Linux:8 / python-qrcode

Package

Name
python-qrcode
Purl
pkg:rpm/rocky-linux/python-qrcode?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.1-12.module+el8.4.0+429+6bd33fea

Rocky Linux:8 / python-yubico

Package

Name
python-yubico
Purl
pkg:rpm/rocky-linux/python-yubico?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.3.2-9.module+el8.4.0+429+6bd33fea

Rocky Linux:8 / python-yubico

Package

Name
python-yubico
Purl
pkg:rpm/rocky-linux/python-yubico?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.3.2-9.1.module+el8.7.0+1074+aae18f3a

Rocky Linux:8 / pyusb

Package

Name
pyusb
Purl
pkg:rpm/rocky-linux/pyusb?distro=rocky-linux-8-4-x86-64-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.0.0-9.module+el8.4.0+429+6bd33fea

Rocky Linux:8 / pyusb

Package

Name
pyusb
Purl
pkg:rpm/rocky-linux/pyusb?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.0.0-9.1.module+el8.7.0+1074+aae18f3a