ALSA-2020:4670

Source

https://errata.almalinux.org/8/ALSA-2020-4670.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json

Related

• CVE-2015-9251
• CVE-2016-10735
• CVE-2018-14040
• CVE-2018-14042
• CVE-2018-20676
• CVE-2018-20677
• CVE-2019-11358
• CVE-2019-8331
• CVE-2020-11022
• CVE-2020-1722

Published

2020-11-03T12:25:36Z

Modified

2022-04-29T15:25:47Z

Details

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)

Security Fix(es):

• js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

• bootstrap: XSS in the data-target attribute (CVE-2016-10735)

• bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

• bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

• bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

• bootstrap: XSS in the affix configuration target property (CVE-2018-20677)

• bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

• js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

• jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

• ipa: No password length restriction leads to denial of service (CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

• https://errata.almalinux.org/8/ALSA-2020-4670.html
• https://vulners.com/cve/CVE-2015-9251
• https://vulners.com/cve/CVE-2016-10735
• https://vulners.com/cve/CVE-2018-14040
• https://vulners.com/cve/CVE-2018-14042
• https://vulners.com/cve/CVE-2018-20676
• https://vulners.com/cve/CVE-2018-20677
• https://vulners.com/cve/CVE-2019-11358
• https://vulners.com/cve/CVE-2019-8331
• https://vulners.com/cve/CVE-2020-11022
• https://vulners.com/cve/CVE-2020-1722