{"id":"ALSA-2020:4670","summary":"Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update","details":"AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)\n\n* js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service (CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T03:56:28.598932Z","published":"2020-11-03T12:25:36Z","related":["CVE-2015-9251","CVE-2016-10735","CVE-2018-14040","CVE-2018-14042","CVE-2018-20676","CVE-2018-20677","CVE-2019-11358","CVE-2019-8331","CVE-2020-11022","CVE-2020-1722"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2020-4670.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2015-9251"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2016-10735"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2018-14040"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2018-14042"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2018-20676"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2018-20677"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-11358"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-8331"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-11022"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-1722"}],"affected":[{"package":{"name":"custodia","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/custodia"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.0-3.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-custodia","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-custodia"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.0-3.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-jwcrypto","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-jwcrypto"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.0-1.module_el8.5.0+2641+983b221b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-jwcrypto","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-jwcrypto"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.0-1.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-jwcrypto","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-jwcrypto"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.0-1.module_el8.6.0+2737+7e73ea90"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-kdcproxy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-kdcproxy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4-5.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-pyusb","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-pyusb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-9.module_el8.5.0+2641+983b221b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-pyusb","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-pyusb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-9.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-pyusb","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-pyusb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-9.module_el8.6.0+2737+7e73ea90"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-qrcode","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-qrcode","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.5.0+2641+983b221b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-qrcode","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.6.0+2737+7e73ea90"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-qrcode-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.6.0+2737+7e73ea90"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-qrcode-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-qrcode-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.5.0+2641+983b221b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-yubico","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-yubico"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-9.module_el8.5.0+2641+983b221b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-yubico","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-yubico"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-9.module_el8.6.0+2737+7e73ea90"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}},{"package":{"name":"python3-yubico","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-yubico"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-9.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4670.json"}}],"schema_version":"1.7.3"}