Bug#849950: [Pkg-freeipa-devel] Bug#849950: freeipa: CVE-2016-9575: Insufficient permission check in certprofile-mod
Hello Timo,

On Tue, Jan 03, 2017 at 12:40:10AM +0200, Timo Aaltonen wrote:
> On 02.01.2017 17:45, Salvatore Bonaccorso wrote:
> > Source: freeipa
> > Version: 4.3.2-5
> > Severity: grave
> > Tags: upstream security
> > Justification: user security hole
> >
> > Hi,
> >
> > the following vulnerability was published for freeipa. Note that I'm
> > not too familiar with freeipa, so just checked source wise. The code
> > should be present in ipalib/plugins/certprofile.py, and according to
> > the Red Hat bug [1] all freeipa versions above 4.2 should be affected.
> > It contains a patch as well.
>
> Yes, I'm aware of these recent CVEs but can't test any updates because
> tomcat 8.5 broke dogtag-pki. Will need to wait for that to get fixed
> first I guess, and then push 4.4.3 out.

Great, thank you for your quick feedback!

Regards,
Salvatore

Bug#849950: [Pkg-freeipa-devel] Bug#849950: freeipa: CVE-2016-9575: Insufficient permission check in certprofile-mod
On 02.01.2017 17:45, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.3.2-5
> Severity: grave
> Tags: upstream security
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for freeipa. Note that I'm
> not too familiar with freeipa, so just checked source wise. The code
> should be present in ipalib/plugins/certprofile.py, and according to
> the Red Hat bug [1] all freeipa versions above 4.2 should be affected.
> It contains a patch as well.

Yes, I'm aware of these recent CVEs but can't test any updates because
tomcat 8.5 broke dogtag-pki. Will need to wait for that to get fixed
first I guess, and then push 4.4.3 out.

--
t