Operating System:

[RedHat]

Published:

06 November 2020

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3902
     idm:DL1 and idm:client security, bug fix, and enhancement update
                              6 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           idm:DL1
                   idm:client
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Reduced Security                -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-11022 CVE-2020-1722 CVE-2019-11358
                   CVE-2019-8331 CVE-2018-20677 CVE-2018-20676
                   CVE-2018-14042 CVE-2018-14040 CVE-2016-10735
                   CVE-2015-9251  

Reference:         ASB-2020.0195
                   ASB-2020.0194
                   ESB-2020.3875
                   ESB-2020.3700

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:4670

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4670-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4670
Issue date:        2020-11-03
CVE Names:         CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 
                   CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 
                   CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 
                   CVE-2020-11022 
=====================================================================

1. Summary:

An update for the idm:DL1 and idm:client modules is now available for Red
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat Identity Management (IdM) is a centralized authentication, identity
management, and authorization solution for both traditional and cloud-based
enterprise environments. 

The following packages have been upgraded to a later upstream version: ipa
(4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765,
BZ#1818877)

Security Fix(es):

* js-jquery: Cross-site scripting via cross-domain ajax requests
(CVE-2015-9251)

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent
attribute (CVE-2018-14040)

* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)

* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

* bootstrap: XSS in the affix configuration target property
(CVE-2018-20677)

* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)

* js-jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)

* jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter
method (CVE-2020-11022)

* ipa: No password length restriction leads to denial of service
(CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests
1430365 - [RFE] Host-group names command rename
1488732 - fake_mname in named.conf is no longer effective
1585020 - Enable compat tree to provide information about AD users and groups on trust agents
1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1651577 - [WebUI] IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab
1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute
1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property
1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute
1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute
1701233 - [RFE] support setting supported signature methods on the token
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1746830 - Memory leak during search  of idview overrides
1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch
1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI)
1759888 - Rebase OpenDNSSEC to 2.1
1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED
1777806 - When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed
1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service
1801698 - [RFE] Changing default hostgroup is too easy
1802471 - SELinux policy for ipa-custodia
1809835 - RFE: ipa group-add-member: number of failed should also be emphasized
1810154 - RFE: ipa-backup should compare locally and globally installed server roles
1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time
1813330 - ipa-restore does not restart httpd
1816784 - KRA install fails if all KRA members are Hidden Replicas
1818765 - [Rebase] Rebase ipa to 4.8.6+
1818877 - [Rebase] Rebase to softhsm 2.6.0+
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method
1831732 - AVC avc:  denied  { dac_override } for comm="ods-enforcerd
1831935 - AD authentication with IdM against SQL Server
1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11
1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings
1834264 - BIND rebase: rebuild against new so version
1834909 - softhsm use-after-free on process exit
1845211 - Rebase bind-dyndb-ldap to 11.3
1845537 - IPA bind configuration issue
1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed'
1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts
1846434 - Remove ipa-idoverride-memberof as superseded by ipa-server 4.8.7
1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn
1849914 - FreeIPA - Utilize 256-bit AJP connector passwords
1851411 - ipa: typo issue in ipanthomedirectoryrive definition
1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2
1853263 - ipa-selinux package missing
1857157 - replica install failing with avc denial for custodia component
1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError'  when upgrading ca-less ipa master
1859213 - AVC denial during ipa-adtrust-install --add-agents
1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused'
1863616 - CA-less install does not set required permissions on KDC certificate
1866291 - EPN: enhance input validation
1866938 - ipa-epn fails to retrieve user data if some user attributes are not present
1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key'
1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed'
1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less
1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain
1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin.
1879604 - pkispawn logs files are empty

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.src.rpm
custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm
ipa-4.8.7-12.module+el8.3.0+8222+c1bff54a.src.rpm
ipa-4.8.7-12.module+el8.3.0+8223+6212645f.src.rpm
ipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.src.rpm
ipa-healthcheck-0.4-6.module+el8.3.0+7711+c4441980.src.rpm
opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.src.rpm
python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm
python-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm
python-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm
python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm
python-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm
python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm
python-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm
pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm
pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm
slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.src.rpm
softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.src.rpm

aarch64:
bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm
bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm
bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm
ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm
ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm
opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm
opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm
opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm
slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm
slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm
slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm
softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm
softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm
softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm
softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm

noarch:
custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm
ipa-client-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
ipa-client-common-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm
ipa-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
ipa-common-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm
ipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm
ipa-healthcheck-core-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm
ipa-healthcheck-core-0.4-6.module+el8.3.0+7711+c4441980.noarch.rpm
ipa-python-compat-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
ipa-python-compat-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm
ipa-selinux-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
ipa-selinux-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm
ipa-server-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
ipa-server-dns-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm
python3-ipaclient-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
python3-ipaclient-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm
python3-ipalib-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
python3-ipalib-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm
python3-ipaserver-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm
python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm
python3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm
python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm
python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm
python3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm
python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm
python3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm
python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm
python3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm
python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm
python3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm

ppc64le:
bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm
bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm
bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm
ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm
ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm
opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm
opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm
slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm
softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm
softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm
softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm
softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm

s390x:
bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm
bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm
bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm
ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm
ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm
opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm
opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm
opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm
slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm
slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm
slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm
softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm
softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm
softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm
softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm

x86_64:
bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm
bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm
bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm
ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm
ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm
opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm
opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm
opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm
slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm
slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm
slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm
softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm
softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm
softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm
softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-9251
https://access.redhat.com/security/cve/CVE-2016-10735
https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2018-20676
https://access.redhat.com/security/cve/CVE-2018-20677
https://access.redhat.com/security/cve/CVE-2019-8331
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-1722
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----