Oracle Linux: CVE-2024-11029: ELSA-2025-0334: ipa security update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2024-11029: ELSA-2025-0334:ipa security update (MODERATE) (Multiple Advisories)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

01/15/2025

Created

01/18/2025

Added

01/16/2025

Modified

01/23/2025

Description

A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.

Solution(s)

• oracle-linux-upgrade-ipa-client
• oracle-linux-upgrade-ipa-client-common
• oracle-linux-upgrade-ipa-client-epn
• oracle-linux-upgrade-ipa-client-samba
• oracle-linux-upgrade-ipa-common
• oracle-linux-upgrade-ipa-selinux
• oracle-linux-upgrade-ipa-selinux-luna
• oracle-linux-upgrade-ipa-selinux-nfast
• oracle-linux-upgrade-ipa-server
• oracle-linux-upgrade-ipa-server-common
• oracle-linux-upgrade-ipa-server-dns
• oracle-linux-upgrade-ipa-server-trust-ad
• oracle-linux-upgrade-python3-ipaclient
• oracle-linux-upgrade-python3-ipalib
• oracle-linux-upgrade-python3-ipaserver
• oracle-linux-upgrade-python3-ipatests

References

• https://attackerkb.com/topics/cve-2024-11029
• CVE - 2024-11029
• ELSA-2025-0334