[Secure-testing-team] Bug#849950: freeipa: CVE-2016-9575: Insufficient permission check in certprofile-mod
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 2 15:45:08 UTC 2017
Source: freeipa
Version: 4.3.2-5
Severity: grave
Tags: upstream security
Justification: user security hole
Hi,
the following vulnerability was published for freeipa. Note that I'm
not too familiar with freeipa, so just checked source-wise. The code
should be present in ipalib/plugins/certprofile.py, and according to
the Red Hat bug [1] all freeipa versions above 4.2 should be affected.
It contains a patch as well.
CVE-2016-9575[0]:
Insufficient permission check in certprofile-mod
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9575
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1395311
Regards,
Salvatore