RHSA-2020:4670-01 -- Redhat bind-dyndb-ldap, custodia, ipa, ipa-healthcheck, opendnssec, python-jwcrypto, python-kdcproxy, python-qrcode, python-yubico, pyusb, slapi-nis, softhsmID: oval:org.secpod.oval:def:504711 | Date: (C)2020-12-23 (M)2024-05-16 |
Class: PATCH | Family: unix |
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa , softhsm , opendnssec . Security Fix: * js-jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribute * bootstrap: Cross-site Scripting in the data-container property of tooltip * bootstrap: XSS in the tooltip data-viewport attribute * bootstrap: XSS in the affix configuration target property * bootstrap: XSS in the tooltip or popover data-template attribute * js-jquery: Prototype pollution in object"s prototype leading to denial of service, remote code execution, or property injection * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method * ipa: No password length restriction leads to denial of service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
bind-dyndb-ldap |
custodia |
ipa |
ipa-healthcheck |
opendnssec |
python-jwcrypto |
python-kdcproxy |
python-qrcode |
python-yubico |
pyusb |
slapi-nis |
softhsm |