-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3773-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb March 25, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : freeipa Version : 4.7.2-3+deb10u1 CVE ID : CVE-2024-1481 Debian Bug : 1065106 It was discovered that there was a command-line injection issue in the FreeIPA identity, authentication and audit framework. A specially crafted HTTP request could have lead to a Denial of Service (DoS) attack and/or data exposure. For Debian 10 buster, this problem has been fixed in version 4.7.2-3+deb10u1. We recommend that you upgrade your freeipa packages. For the detailed security status of freeipa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/freeipa Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmYBWjMACgkQHpU+J9Qx Hlg6qw/9Fv0av7JVEiXIxH+g6SUBYOdtbBdibavhmLcB8MWo4YuMYNODZwgaUTDI M1XuWyoYvWhNY8yL5V4MxN3YF0jb3c4hhNoaAIhuIVvbRuQ297nNMvDXeid/pyde YG8+Uhi+gTqdsWS5ofCcE/BWmqn08/4t/es4o5D4mUh5k5EqQDqY+odZPJ77ikqs 55ZPXPLqqwGYJobTE83h1TKJuHvCFEcKrgvqmayFis0YO7fBqiecOZyOF7kvpomK bmkqfYs7kBSdhBvaZymV+4yH2F/AHUunuT7owIjUB8QrRJKC2wNDHO7juDYtVjOO Gp/xFPNI82YEt3lBjRjHf0CZMyoYc2YKnH8v9vfMlD4zG/85MqfXME6IuBLLCXJk nKNFEHhYF0ir9VGSZHRsDmb2Y3WYHK5VGmoRPwlUla60M4MDjl/S2AqjkbsR8LJJ TcVHEtZIH+aXeZsAXg9j5ZxLZwpWoQlPVWO5T32/0NzQyo5SMG7SsCbpGqH5RUQu ry/+gAmNGvqlkUc8joNOgOLGkm10G6cByH308zfeU6GNUWZRSV6HRSEp0QCimIjN PhK20HJZ5Un1BxmNs9vk3vxUWkPHheOrDibMt7HtFp7LxxywpKz/RwDwTbb2IPdy 31eTPV+SJNapnGQVOYmmqRKkMNeJ8lu/mU02DkbmGT5f25ViiJk= =PTcn -----END PGP SIGNATURE-----