RHSA-2021:0860: Red Hat Security Advisory: ipa security and bug fix update

An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es):

• jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
• cannot issue certs with multiple IP addresses corresponding to different hosts (BZ#1846349)
• CA-less install does not set required permissions on KDC certificate (BZ#1863619)
• IdM Web UI shows users as disabled (BZ#1884819)
• Authentication and login times are over several seconds due to unindexed ipaExternalMember (BZ#1892793)
• improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find (BZ#1895197)
• IPA WebUI inaccessible after upgrading to RHEL 8.3 - idoverride-memberof.js missing (BZ#1897253) Related CVEs:
• CVE-2020-11023: jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution