Synopsis: Moderate: ipa security, bug fix, and enhancement update
Advisory ID: SLSA-2020:3936-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2018-20676
CVE-2018-14040
CVE-2016-10735
CVE-2020-11022
CVE-2018-14042
CVE-2019-11358
CVE-2020-1722
CVE-2015-9251
CVE-2019-8331
CVE-2018-20677
—
Security Fix(es):
* js-jquery: Cross-site scripting via cross-domain ajax requests
(CVE-2015-9251)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent
attribute (CVE-2018-14040)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip. (CVE-2018-14042)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* bootstrap: XSS in the affix configuration target property
(CVE-2018-20677)
* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)
* js-jquery: prototype pollution in object’s prototype leading to denial of
service or remote code execution or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter
method (CVE-2020-11022)
* ipa: No password length restriction leads to denial of service
(CVE-2020-1722)
—
SL7
x86_64
ipa-client-common-4.6.8-5.el7.noarch.rpm
ipa-client-4.6.8-5.el7.x86_64.rpm
ipa-server-4.6.8-5.el7.x86_64.rpm
ipa-server-dns-4.6.8-5.el7.noarch.rpm
ipa-server-common-4.6.8-5.el7.noarch.rpm
ipa-common-4.6.8-5.el7.noarch.rpm
ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
python2-ipaclient-4.6.8-5.el7.noarch.rpm
ipa-python-compat-4.6.8-5.el7.noarch.rpm
python2-ipalib-4.6.8-5.el7.noarch.rpm
python2-ipaserver-4.6.8-5.el7.noarch.rpm
ipa-debuginfo-4.6.8-5.el7.x86_64.rpm
noarch
ipa-client-common-4.6.8-5.el7.noarch.rpm
ipa-common-4.6.8-5.el7.noarch.rpm
ipa-python-compat-4.6.8-5.el7.noarch.rpm
python2-ipaclient-4.6.8-5.el7.noarch.rpm
python2-ipalib-4.6.8-5.el7.noarch.rpm
ipa-server-common-4.6.8-5.el7.noarch.rpm
ipa-server-dns-4.6.8-5.el7.noarch.rpm
python2-ipaserver-4.6.8-5.el7.noarch.rpm
– Scientific Linux Development Team
