Upstream information

CVE-2024-1481 at MITRE

Description

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s): SUSE Liberty Linux 9
Fixed package version(s):
  • ipa-client >= 4.11.0-9.el9_4
  • ipa-client-common >= 4.11.0-9.el9_4
  • ipa-client-epn >= 4.11.0-9.el9_4
  • ipa-client-samba >= 4.11.0-9.el9_4
  • ipa-common >= 4.11.0-9.el9_4
  • ipa-selinux >= 4.11.0-9.el9_4
  • ipa-server >= 4.11.0-9.el9_4
  • ipa-server-common >= 4.11.0-9.el9_4
  • ipa-server-dns >= 4.11.0-9.el9_4
  • ipa-server-trust-ad >= 4.11.0-9.el9_4
  • python3-ipaclient >= 4.11.0-9.el9_4
  • python3-ipalib >= 4.11.0-9.el9_4
  • python3-ipaserver >= 4.11.0-9.el9_4
  • python3-ipatests >= 4.11.0-9.el9_4
References:
  Patchnames: RHSA-2024:2147


SUSE Timeline for this CVE

CVE page created: Tue Feb 20 17:00:15 2024
CVE page last modified: Wed Jun 26 00:46:55 2024