RLSA-2020:4670
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2020:4670.json
- Related
- Published
- 2020-11-03T12:25:36Z
- Modified
- 2023-02-02T13:09:03.424700Z
- Details
-
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)
Security Fix(es):
js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2020:4670
- https://bugzilla.redhat.com/show_bug.cgi?id=1399546
- https://bugzilla.redhat.com/show_bug.cgi?id=1430365
- https://bugzilla.redhat.com/show_bug.cgi?id=1488732
- https://bugzilla.redhat.com/show_bug.cgi?id=1585020
- https://bugzilla.redhat.com/show_bug.cgi?id=1601614
- https://bugzilla.redhat.com/show_bug.cgi?id=1601617
- https://bugzilla.redhat.com/show_bug.cgi?id=1651577
- https://bugzilla.redhat.com/show_bug.cgi?id=1668082
- https://bugzilla.redhat.com/show_bug.cgi?id=1668089
- https://bugzilla.redhat.com/show_bug.cgi?id=1668097
- https://bugzilla.redhat.com/show_bug.cgi?id=1686454
- https://bugzilla.redhat.com/show_bug.cgi?id=1701233
- https://bugzilla.redhat.com/show_bug.cgi?id=1701972
- https://bugzilla.redhat.com/show_bug.cgi?id=1746830
- https://bugzilla.redhat.com/show_bug.cgi?id=1750893
- https://bugzilla.redhat.com/show_bug.cgi?id=1751295
- https://bugzilla.redhat.com/show_bug.cgi?id=1757045
- https://bugzilla.redhat.com/show_bug.cgi?id=1759888
- https://bugzilla.redhat.com/show_bug.cgi?id=1768156
- https://bugzilla.redhat.com/show_bug.cgi?id=1777806
- https://bugzilla.redhat.com/show_bug.cgi?id=1793071
- https://bugzilla.redhat.com/show_bug.cgi?id=1801698
- https://bugzilla.redhat.com/show_bug.cgi?id=1802471
- https://bugzilla.redhat.com/show_bug.cgi?id=1809835
- https://bugzilla.redhat.com/show_bug.cgi?id=1810154
- https://bugzilla.redhat.com/show_bug.cgi?id=1810179
- https://bugzilla.redhat.com/show_bug.cgi?id=1813330
- https://bugzilla.redhat.com/show_bug.cgi?id=1816784
- https://bugzilla.redhat.com/show_bug.cgi?id=1818765
- https://bugzilla.redhat.com/show_bug.cgi?id=1818877
- https://bugzilla.redhat.com/show_bug.cgi?id=1828406
- https://bugzilla.redhat.com/show_bug.cgi?id=1831732
- https://bugzilla.redhat.com/show_bug.cgi?id=1831935
- https://bugzilla.redhat.com/show_bug.cgi?id=1832331
- https://bugzilla.redhat.com/show_bug.cgi?id=1833266
- https://bugzilla.redhat.com/show_bug.cgi?id=1834264
- https://bugzilla.redhat.com/show_bug.cgi?id=1834909
- https://bugzilla.redhat.com/show_bug.cgi?id=1845211
- https://bugzilla.redhat.com/show_bug.cgi?id=1845537
- https://bugzilla.redhat.com/show_bug.cgi?id=1845596
- https://bugzilla.redhat.com/show_bug.cgi?id=1846352
- https://bugzilla.redhat.com/show_bug.cgi?id=1846434
- https://bugzilla.redhat.com/show_bug.cgi?id=1847999
- https://bugzilla.redhat.com/show_bug.cgi?id=1849914
- https://bugzilla.redhat.com/show_bug.cgi?id=1851411
- https://bugzilla.redhat.com/show_bug.cgi?id=1852244
- https://bugzilla.redhat.com/show_bug.cgi?id=1853263
- https://bugzilla.redhat.com/show_bug.cgi?id=1857157
- https://bugzilla.redhat.com/show_bug.cgi?id=1858318
- https://bugzilla.redhat.com/show_bug.cgi?id=1859213
- https://bugzilla.redhat.com/show_bug.cgi?id=1863079
- https://bugzilla.redhat.com/show_bug.cgi?id=1863616
- https://bugzilla.redhat.com/show_bug.cgi?id=1866291
- https://bugzilla.redhat.com/show_bug.cgi?id=1866938
- https://bugzilla.redhat.com/show_bug.cgi?id=1868432
- https://bugzilla.redhat.com/show_bug.cgi?id=1869311
- https://bugzilla.redhat.com/show_bug.cgi?id=1870202
- https://bugzilla.redhat.com/show_bug.cgi?id=1874015
- https://bugzilla.redhat.com/show_bug.cgi?id=1875348
- https://bugzilla.redhat.com/show_bug.cgi?id=1879604
Affected packages
Rocky Linux:8 / custodia
Package
- Name
- custodia
Rocky Linux:8 / python-jwcrypto
Package
- Name
- python-jwcrypto
Rocky Linux:8 / python-jwcrypto
Package
- Name
- python-jwcrypto
Rocky Linux:8 / python-kdcproxy
Package
- Name
- python-kdcproxy
Rocky Linux:8 / python-qrcode
Package
- Name
- python-qrcode
Rocky Linux:8 / python-yubico
Package
- Name
- python-yubico
Rocky Linux:8 / python-yubico
Package
- Name
- python-yubico
Rocky Linux:8 / pyusb
Package
- Name
- pyusb
Rocky Linux:8 / pyusb
Package
- Name
- pyusb