[Pkg-freeipa-devel] Bug#849950: freeipa: CVE-2016-9575: Insufficient permission check in certprofile-mod

Salvatore Bonaccorso carnil at debian.org
Mon Jan 2 15:45:08 UTC 2017

Source: freeipa
Version: 4.3.2-5
Severity: grave
Tags: upstream security
Justification: user security hole


The following vulnerability was published for freeipa. Note that I'm
not too familiar with freeipa, so I just checked source-wise. The code
should be present in ipalib/plugins/certprofile.py, and according to
the Red Hat bug [1] all freeipa versions above 4.2 should be affected.
It contains a patch as well.

Insufficient permission check in certprofile-mod

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9575
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1395311

