ALSA-2024:3755

Source
https://errata.almalinux.org/8/ALSA-2024-3755.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3755.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:3755
Related
Published
2024-06-10T00:00:00Z
Modified
2024-06-20T15:58:27Z
Summary
Important: idm:DL1 security update
Details

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
  • CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / bind-dyndb-ldap

Package

Name
bind-dyndb-ldap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.6-5.module_el8.10.0+3844+20e075e5.alma.2

AlmaLinux:8 / custodia

Package

Name
custodia

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.0-3.module_el8.6.0+2881+2f24dc92

AlmaLinux:8 / ipa-client

Package

Name
ipa-client

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-client-common

Package

Name
ipa-client-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-client-epn

Package

Name
ipa-client-epn

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-client-samba

Package

Name
ipa-client-samba

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-common

Package

Name
ipa-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-healthcheck

Package

Name
ipa-healthcheck

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.12-3.module_el8.9.0+3651+d05ea4c5

AlmaLinux:8 / ipa-healthcheck-core

Package

Name
ipa-healthcheck-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.12-3.module_el8.9.0+3651+d05ea4c5

AlmaLinux:8 / ipa-python-compat

Package

Name
ipa-python-compat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-selinux

Package

Name
ipa-selinux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-server

Package

Name
ipa-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-server-common

Package

Name
ipa-server-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-server-dns

Package

Name
ipa-server-dns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / ipa-server-trust-ad

Package

Name
ipa-server-trust-ad

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / opendnssec

Package

Name
opendnssec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.7-1.module_el8.6.0+2881+2f24dc92

AlmaLinux:8 / opendnssec

Package

Name
opendnssec

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.7-1.module_el8.6.0+3031+2f24dc92

AlmaLinux:8 / python3-custodia

Package

Name
python3-custodia

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.0-3.module_el8.6.0+2881+2f24dc92

AlmaLinux:8 / python3-ipaclient

Package

Name
python3-ipaclient

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / python3-ipalib

Package

Name
python3-ipalib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / python3-ipaserver

Package

Name
python3-ipaserver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / python3-ipatests

Package

Name
python3-ipatests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.9.13-10.module_el8.10.0+3857+9c8da539

AlmaLinux:8 / python3-jwcrypto

Package

Name
python3-jwcrypto

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.0-2.module_el8.10.0+3844+20e075e5

AlmaLinux:8 / python3-kdcproxy

Package

Name
python3-kdcproxy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4-5.module_el8.9.0+3785+2238a12a

AlmaLinux:8 / python3-pyusb

Package

Name
python3-pyusb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.0-9.1.module_el8.7.0+3349+cfeff52e

AlmaLinux:8 / python3-qrcode

Package

Name
python3-qrcode

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1-12.module_el8.6.0+2881+2f24dc92

AlmaLinux:8 / python3-qrcode-core

Package

Name
python3-qrcode-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1-12.module_el8.6.0+2881+2f24dc92

AlmaLinux:8 / python3-yubico

Package

Name
python3-yubico

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2-9.1.module_el8.7.0+3349+cfeff52e

AlmaLinux:8 / slapi-nis

Package

Name
slapi-nis

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.60.0-4.module_el8.10.0+3844+20e075e5.alma.1

AlmaLinux:8 / softhsm

Package

Name
softhsm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.0-5.module_el8.6.0+2881+2f24dc92

AlmaLinux:8 / softhsm

Package

Name
softhsm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.0-5.module_el8.6.0+3031+2f24dc92

AlmaLinux:8 / softhsm-devel

Package

Name
softhsm-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.0-5.module_el8.6.0+2881+2f24dc92

AlmaLinux:8 / softhsm-devel

Package

Name
softhsm-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.0-5.module_el8.6.0+3031+2f24dc92