Ausführen beliebiger Kommandos in freeipa
ID: | FEDORA-2020-e3a79248dc |
Distribution: | Fedora |
Plattformen: | Fedora 32 |
Datum: | So, 5. April 2020, 16:58 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
https://bugzilla.redhat.com/show_bug.cgi?id=1812169 https://bugzilla.redhat.com/show_bug.cgi?id=1810963 |
Applikationen: | FreeIPA |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-e3a79248dc 2020-04-05 00:14:44.681838 -------------------------------------------------------------------------------- Name : freeipa Product : Fedora 32 Version : 4.8.6 Release : 1.fc32 URL : http://www.freeipa.org/ Summary : The Identity, Policy and Audit system Description : IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). -------------------------------------------------------------------------------- Update Information: New upstream release. Please see release notest at https://www.freeipa.org/page/Releases/4.8.6 and https://www.freeipa.org/page/Releases/4.8.5 Major highlights: * openDNSSEC 2.1 support * AJP connector protection for Dogtag/FreeIPA communication for CVE-2020-1938 mitigation. Fedora and RHEL do not force encrypted AJP connector by default with 9.0.31 but FreeIPA 4.8.5 will convert to encrypted AJP channel on upgrade or at a new deployment. Use of AJP is limited to localhost connections with integrated CA already. * Default authentication indicators are now documented in FreeIPA workshop, https://freeipa.readthedocs.io/en/latest/workshop/11-kerberos-ticket-policy.html * FreeIPA SELinux policy is now part of the upstream packaging and replaces distribution-wide policies. * New internal mechanism to promote Trust Agents in ipa-adtrust-install, to allow configuring schema compatibility plugin on remote replicas. * New "ipa-cacert-manage delete" command to allow pruning a CA certificate from LDAP store -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 27 2020 Alexander Bokovoy |