Synopsis:          Moderate: ipa security and bug fix update
Advisory ID:       SLSA-2021:5195-1
Issue Date:        2021-12-16
CVE Numbers:       CVE-2020-25719
--

Security Fix(es):

* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets (CVE-2020-25719)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):

* SL 8.6 IPA Replica Failed to configure PKINIT setup against a SL 7.9
IPA server
--

SL7
  x86_64
    ipa-client-4.6.8-5.el7_9.10.x86_64.rpm
    ipa-debuginfo-4.6.8-5.el7_9.10.x86_64.rpm
    ipa-server-4.6.8-5.el7_9.10.x86_64.rpm
    ipa-server-trust-ad-4.6.8-5.el7_9.10.x86_64.rpm
  noarch
    ipa-client-common-4.6.8-5.el7_9.10.noarch.rpm
    ipa-common-4.6.8-5.el7_9.10.noarch.rpm
    ipa-python-compat-4.6.8-5.el7_9.10.noarch.rpm
    python2-ipaclient-4.6.8-5.el7_9.10.noarch.rpm
    python2-ipalib-4.6.8-5.el7_9.10.noarch.rpm
    ipa-server-common-4.6.8-5.el7_9.10.noarch.rpm
    ipa-server-dns-4.6.8-5.el7_9.10.noarch.rpm
    python2-ipaserver-4.6.8-5.el7_9.10.noarch.rpm

- Scientific Linux Development Team