[Pkg-freeipa-devel] Bug#849950: freeipa: CVE-2016-9575: Insufficient permission check in certprofile-mod
carnil at debian.org
Mon Jan 2 15:45:08 UTC 2017
Tags: upstream security
Justification: user security hole
the following vulnerability was published for freeipa. Note that I'm
not too familiar with freeipa, so just checked source wise. The code
should be present in ipalib/plugins/certprofile.py, and according to
the Red Hat bug  all freeipa versions above 4.2 should be affected.
it contains a patch as well.
Insufficient permission check in certprofile-mod
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
More information about the Pkg-freeipa-devel