ipa-4.12.1-1

- CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force Resolves: RHEL-32233 - CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service Resolves: RHEL-40881 Signed-off-by: Julien Rische <jrische@redhat.com>
2024-06-12 14:14:20 +02:00 · 2024-06-12 14:14:20 +02:00 · 38e4126e68
commit 38e4126e68
parent 881a120bf5
3 changed files with 9 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -134,3 +134,5 @@
 /freeipa-4.11.1.tar.gz.asc
 /freeipa-4.12.0.tar.gz
 /freeipa-4.12.0.tar.gz.asc
+/freeipa-4.12.1.tar.gz.asc
+/freeipa-4.12.1.tar.gz
--- a/freeipa.spec
+++ b/freeipa.spec
@ -192,7 +192,7 @@

 # Work-around fact that RPM SPEC parser does not accept
 # "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
-%define IPA_VERSION 4.12.0
+%define IPA_VERSION 4.12.1
 # Release candidate version -- uncomment with one percent for RC versions
 #%%global rc_version
 %define AT_SIGN @
@ -1854,6 +1854,10 @@ fi
 %endif

 %changelog
+* Wed Jun 12 2024 Julien Rische <jrische@redhat.com> - 4.12.1-1
+- Resolves: RHEL-32233 CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
+- Resolves: RHEL-40881 CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
+
 * Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-1
 - Resolves: RHEL-39144 Rebase ipa to the latest 4.12 version for RHEL 10
 - Resolves: RHEL-30537 ipa: freeipa: argument injection into the username field of the /ipa/session/login_password requests
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (freeipa-4.12.0.tar.gz) = 1e95250a6892e85b4782a1f2451a99d21c90ce82db2be369d9e0e1706575229d4539b20f8dd2b97da0d6f73f4fb59168ab6e05eb2fe185b4bb854f42c1e7fd29
-SHA512 (freeipa-4.12.0.tar.gz.asc) = 896170fee005acc3cf46b22053d9f0f0e75f0af31af5c9fbd993674dc26549e479ea3468412ff35f947f7cf42bb7b9bf96f1ead21d754eec92a27b30d731dbe1
+SHA512 (freeipa-4.12.1.tar.gz) = a419c4251a55a69f90e6e3d2a514d6ba9e0609573bd5dbc9ff446c95b09164831233987c8cb70d3c2b53dae9b6600f3efd50c976007637cf18e6679e51f2c2f9
+SHA512 (freeipa-4.12.1.tar.gz.asc) = 759de997443d608bb26e684c5de8678cb01d15077a2506ee4cc6102f1b5255a3ffd4bf25fb4a07578e590eb72b44e9f6b42645eac1f6f451d652f36271d3a806