Source: freeipa
Version: 4.3.2-5
Severity: grave
Tags: upstream security
Justification: user security hole

Hi,

the following vulnerability was published for freeipa.

Note that I'm not too familiar with freeipa, so just checked source-wise. The code should be present in ipalib/plugins/certprofile.py, and according to the Red Hat bug [1] all freeipa versions above 4.2 should be affected. It contains a patch as well.

CVE-2016-9575[0]: Insufficient permission check in certprofile-mod

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9575
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9575
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1395311

Regards,
Salvatore