{"id":"ALSA-2024:0143","summary":"Moderate: idm:DL1 security update","details":"AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nSecurity Fix(es):\n\n* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)\n* ipa: Invalid CSRF protection (CVE-2023-5455)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T03:57:29.048758Z","published":"2024-01-10T00:00:00Z","related":["CVE-2020-17049","CVE-2023-5455"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0143"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-17049"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-5455"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2025721"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2242828"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2024-0143.html"}],"affected":[{"package":{"name":"bind-dyndb-ldap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/bind-dyndb-ldap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.6-4.module_el8.6.0+3339+9b5fdd22"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"custodia","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/custodia"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.0-3.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-client","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-client-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-client-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-client-epn","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-client-epn"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-client-samba","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-client-samba"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-healthcheck","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-healthcheck"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12-3.module_el8.9.0+3651+d05ea4c5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-healthcheck-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-healthcheck-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12-3.module_el8.9.0+3651+d05ea4c5"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-python-compat","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-python-compat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-selinux","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-selinux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-server","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-server-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-server-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-server-dns","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-server-dns"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"ipa-server-trust-ad","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/ipa-server-trust-ad"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"opendnssec","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/opendnssec"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.7-1.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"opendnssec","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/opendnssec"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.7-1.module_el8.6.0+3031+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-custodia","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-custodia"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.0-3.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-ipaclient","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-ipaclient"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-ipalib","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-ipalib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-ipaserver","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-ipaserver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-ipatests","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-ipatests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.12-11.module_el8.9.0+3715+e4197dc9.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-jwcrypto","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-jwcrypto"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.0-1.1.module_el8.7.0+3349+cfeff52e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-kdcproxy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-kdcproxy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4-5.module_el8.9.0+3682+f63caf3e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-pyusb","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-pyusb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-9.1.module_el8.7.0+3349+cfeff52e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-qrcode","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-qrcode-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-qrcode-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1-12.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"python3-yubico","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-yubico"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-9.1.module_el8.7.0+3349+cfeff52e"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"slapi-nis","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/slapi-nis"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.60.0-4.module_el8.9.0+3682+f63caf3e.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"softhsm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/softhsm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.0-5.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"softhsm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/softhsm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.0-5.module_el8.6.0+3031+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"softhsm-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/softhsm-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.0-5.module_el8.6.0+2881+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}},{"package":{"name":"softhsm-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/softhsm-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.0-5.module_el8.6.0+3031+2f24dc92"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:0143.json"}}],"schema_version":"1.7.3"}