Scientific Linux Security Update : ipa on SL7.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- It was found that IdM's ca-del, ca-disable, and
ca-enable commands did not properly check the user's
permissions while modifying CAs in Dogtag. An
authenticated, unauthorized attacker could use this flaw
to delete, disable, or enable CAs causing various denial
of service problems with certificate issuance, OCSP
signing, and deletion of secret keys. (CVE-2017-2590)

Bug Fix(es) :

- Previously, during an Identity Management (IdM) replica
installation that runs on domain level '1' or higher,
Directory Server was not configured to use TLS
encryption. As a consequence, installing a certificate
authority (CA) on that replica failed. Directory Server
is now configured to use TLS encryption during the
replica installation and as a result, the CA
installation works as expected.

- Previously, the Identity Management (IdM) public key
infrastructure (PKI) component was configured to listen
on the '::1' IPv6 localhost address. In environments that
have the IPv6 protocol disabled, the replica
installer was unable to retrieve the Directory Server
certificate, and the installation failed. The default
listening address of the PKI connector has been updated
from the IP address to 'localhost'. As a result, the PKI
connector now listens on the correct addresses in IPv4
and IPv6 environments.

- Previously, when installing a certificate authority (CA)
on a replica, Identity Management (IdM) was unable to
provide third-party CA certificates to the Certificate
System CA installer. As a consequence, the installer was
unable to connect to the remote master if the remote
master used a third-party server certificate, and the
installation failed. This update applies a patch and as
a result, installing a CA replica works as expected in
the described situation.

- When installing a replica, the web server service entry
is created on the Identity Management (IdM) master and
replicated to all IdM servers. Previously, when
installing a replica without a certificate authority
(CA), in certain situations the service entry was not
replicated to the new replica on time, and the
installation failed. The replica installer has been
updated and now waits until the web server service entry
is replicated. As a result, the replica installation no
longer fails in the described situation.

See also :

http://www.nessus.org/u?d56d7364

Solution :

Update the affected packages.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 97515

Bugtraq ID:

CVE ID: CVE-2017-2590
