[SECURITY] [DLA 3773-1] freeipa security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3773-1] freeipa security update
From: "Chris Lamb" <lamby@debian.org>
Date: Mon, 25 Mar 2024 12:47:56 +0000
Message-id: <[🔎] 171136466073.1137834.13768549289086477620@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3773-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
March 25, 2024                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : freeipa
Version        : 4.7.2-3+deb10u1
CVE ID         : CVE-2024-1481
Debian Bug     : 1065106

It was discovered that there was a command-line injection issue in
the FreeIPA identity, authentication and audit framework. A specially
crafted HTTP request could have lead to a Denial of Service (DoS)
attack and/or data exposure.

For Debian 10 buster, this problem has been fixed in version
4.7.2-3+deb10u1.

We recommend that you upgrade your freeipa packages.

For the detailed security status of freeipa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/freeipa

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmYBWjMACgkQHpU+J9Qx
Hlg6qw/9Fv0av7JVEiXIxH+g6SUBYOdtbBdibavhmLcB8MWo4YuMYNODZwgaUTDI
M1XuWyoYvWhNY8yL5V4MxN3YF0jb3c4hhNoaAIhuIVvbRuQ297nNMvDXeid/pyde
YG8+Uhi+gTqdsWS5ofCcE/BWmqn08/4t/es4o5D4mUh5k5EqQDqY+odZPJ77ikqs
55ZPXPLqqwGYJobTE83h1TKJuHvCFEcKrgvqmayFis0YO7fBqiecOZyOF7kvpomK
bmkqfYs7kBSdhBvaZymV+4yH2F/AHUunuT7owIjUB8QrRJKC2wNDHO7juDYtVjOO
Gp/xFPNI82YEt3lBjRjHf0CZMyoYc2YKnH8v9vfMlD4zG/85MqfXME6IuBLLCXJk
nKNFEHhYF0ir9VGSZHRsDmb2Y3WYHK5VGmoRPwlUla60M4MDjl/S2AqjkbsR8LJJ
TcVHEtZIH+aXeZsAXg9j5ZxLZwpWoQlPVWO5T32/0NzQyo5SMG7SsCbpGqH5RUQu
ry/+gAmNGvqlkUc8joNOgOLGkm10G6cByH308zfeU6GNUWZRSV6HRSEp0QCimIjN
PhK20HJZ5Un1BxmNs9vk3vxUWkPHheOrDibMt7HtFp7LxxywpKz/RwDwTbb2IPdy
31eTPV+SJNapnGQVOYmmqRKkMNeJ8lu/mU02DkbmGT5f25ViiJk=
=PTcn
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3772-1] python3.7 security update
Next by Date: [SECURITY] [DLA 3774-1] gross security update
Previous by thread: [SECURITY] [DLA 3772-1] python3.7 security update
Next by thread: [SECURITY] [DLA 3774-1] gross security update
Index(es):
- Date
- Thread