[Pkg-freeipa-devel] Bug#849950: Bug#849950: freeipa: CVE-2016-9575: Insufficient permission check in certprofile-mod
tjaalton at debian.org
Mon Jan 2 22:40:10 UTC 2017
On 02.01.2017 17:45, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.3.2-5
> Severity: grave
> Tags: upstream security
> Justification: user security hole
> the following vulnerability was published for freeipa. Note that I'm
> not too familiar with freeipa, so just checked source wise. The code
> should be present in ipalib/plugins/certprofile.py, and according to
> the Red Hat bug  all freeipa versions above 4.2 should be affected.
> it contains a patch as well.
Yes, I'm aware of these recent cve's but can't test any updates because
tomcat 8.5 broke dogtag-pki. Will need to wait for that to get fixed
first I guess, and then push 4.4.3 out.
More information about the Pkg-freeipa-devel