Main Vulnerability Database SB20250328159

SB20250328159 - Anolis OS update for idm:client module

Published: March 28, 2025

Security Bulletin ID SB20250328159

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2023-6681)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of the p2c header. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

2) Resource exhaustion (CVE-ID: CVE-2024-28102)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing highly compressed data within the deserialize() function. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2024:0472

Vulnerable Software

Anolis OS: 8
python3-jwcrypto: before 0.5.0-2
python3-ipalib: before 4.9.13-9.0.1
python3-ipaclient: before 4.9.13-9.0.1
ipa-selinux: before 4.9.13-9.0.1
ipa-python-compat: before 4.9.13-9.0.1
ipa-common: before 4.9.13-9.0.1
ipa-client-common: before 4.9.13-9.0.1
ipa-client-samba: before 4.9.13-9.0.1
ipa-client-epn: before 4.9.13-9.0.1
ipa-client: before 4.9.13-9.0.1
ipa-healthcheck-core: before 0.12-3
python3-yubico: before 1.3.2-9.1
python3-pyusb: before 1.0.0-9.1
python3-qrcode-core: before 5.1-12
python3-qrcode: before 5.1-12

SB20250328159 - Anolis OS update for idm:client module

Breakdown by Severity

Description

Remediation

References

Please verify you're human