Synopsis:          Moderate: ipa security and bug fix update
Advisory ID:       SLSA-2021:0860-1
Issue Date:        2021-03-16
CVE Numbers:       CVE-2020-11023
--

Security Fix(es):

* jquery: Passing HTML containing <option> elements to manipulation
methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* cannot issue certs with multiple IP addresses corresponding to different
hosts

* CA-less install does not set required permissions on KDC certificate

* IdM Web UI shows users as disabled

* Authentication and login times are over several seconds due to unindexed
ipaExternalMember

* improve IPA PKI subsystem detection by other means than a directory
presence, use pki-server subsystem-find

* IPA WebUI inaccessible after upgrading to SL 8.3 - idoverride-memberof.js
missing
--

SL7
  x86_64
    ipa-client-4.6.8-5.el7_9.4.x86_64.rpm
    ipa-debuginfo-4.6.8-5.el7_9.4.x86_64.rpm
    ipa-server-4.6.8-5.el7_9.4.x86_64.rpm
    ipa-server-trust-ad-4.6.8-5.el7_9.4.x86_64.rpm
  noarch
    ipa-client-common-4.6.8-5.el7_9.4.noarch.rpm
    ipa-common-4.6.8-5.el7_9.4.noarch.rpm
    ipa-python-compat-4.6.8-5.el7_9.4.noarch.rpm
    python2-ipaclient-4.6.8-5.el7_9.4.noarch.rpm
    python2-ipalib-4.6.8-5.el7_9.4.noarch.rpm
    ipa-server-common-4.6.8-5.el7_9.4.noarch.rpm
    ipa-server-dns-4.6.8-5.el7_9.4.noarch.rpm
    python2-ipaserver-4.6.8-5.el7_9.4.noarch.rpm

- Scientific Linux Development Team
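
Added example (not part of the advisory, and not Scientific Linux code): a check that flags hosts still running an ipa build older than the fixed 4.6.8-5.el7_9.4 listed above. It assumes the packages carry no epoch, uses a simplified form of RPM's version comparison (no tilde or caret handling), and runs on constructed sample query output.

```python
import re

# Fixed build and package names taken from the SL7 list in this advisory.
FIXED = ("4.6.8", "5.el7_9.4")
PACKAGES = {
    "ipa-client", "ipa-debuginfo", "ipa-server", "ipa-server-trust-ad",
    "ipa-client-common", "ipa-common", "ipa-python-compat",
    "python2-ipaclient", "python2-ipalib", "ipa-server-common",
    "ipa-server-dns", "python2-ipaserver",
}

def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM does (simplified)."""
    seg_a, seg_b = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def below_fixed(version, release):
    """True when version-release sorts before the advisory's fixed build."""
    c = rpmvercmp(version, FIXED[0])
    if c == 0:
        c = rpmvercmp(release, FIXED[1])
    return c < 0

def unpatched(query_output):
    """Return advisory packages in the query output that predate the fix."""
    hits = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in PACKAGES and below_fixed(*parts[1:]):
            hits.append("%s-%s-%s" % tuple(parts))
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
SAMPLE = """\
ipa-client 4.6.8 5.el7_9.4
ipa-common 4.6.8 5.el7
python2-ipalib 4.6.6 11.el7
ipa-server 4.6.8 5.el7_9.10
bash 4.2.46 34.el7
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```
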