[El-errata] ELSA-2021-0860 Moderate: Oracle Linux 7 ipa security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Mar 19 08:07:46 PDT 2021 

Oracle Linux Security Advisory ELSA-2021-0860

http://linux.oracle.com/errata/ELSA-2021-0860.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
ipa-client-4.6.8-5.0.1.el7_9.4.x86_64.rpm
ipa-client-common-4.6.8-5.0.1.el7_9.4.noarch.rpm
ipa-common-4.6.8-5.0.1.el7_9.4.noarch.rpm
ipa-python-compat-4.6.8-5.0.1.el7_9.4.noarch.rpm
ipa-server-4.6.8-5.0.1.el7_9.4.x86_64.rpm
ipa-server-common-4.6.8-5.0.1.el7_9.4.noarch.rpm
ipa-server-dns-4.6.8-5.0.1.el7_9.4.noarch.rpm
ipa-server-trust-ad-4.6.8-5.0.1.el7_9.4.x86_64.rpm
python2-ipaclient-4.6.8-5.0.1.el7_9.4.noarch.rpm
python2-ipalib-4.6.8-5.0.1.el7_9.4.noarch.rpm
python2-ipaserver-4.6.8-5.0.1.el7_9.4.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ipa-4.6.8-5.0.1.el7_9.4.src.rpm



Description of changes:

[4.6.8-5.0.1]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]

[4.6.8-5.el7_9.4]
- Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 
8.3.- idoverride-memberof.js missing
- wgi/plugins.py: ignore empty plugin directories
- Resolves: #1895197 improve IPA PKI susbsystem detection by other means 
than a directory presence, use pki-server subsystem-find
- Improve PKI subsystem detection
- ipatests: add test for PKI subsystem detection
- ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection
- Resolves: #1892793 Authentication and login times are over several 
seconds due to unindexed ipaExternalMember
- Add more indices
- Resolves: #1884819 IdM Web UI shows users as disabled
- fix cert-find errors in CA-less deployment
- Resolves: #1863619 CA-less install does not set required permissions 
on KDC certificate
- CAless installation: set the perms on KDC cert file
- ipatests: check KDC cert permissions in CA less install
- Resolves: #1859248 CVE-2020-11023 ipa: jquery: Passing HTML containing 
<option> elements to manipulation methods could result in untrusted code 
execution
- WebUI: Fix jQuery DOM manipulation issues
- Resolves: #1846349 cannot issue certs with multiple IP addresses 
corresponding to different hosts
- fix iPAddress cert issuance for >1 host/service

More information about the El-errata mailing list