Bugzilla – Bug 941396
VUL-0: CVE-2015-5179: FreeIPA: non-printable characters aren't checked in every case of user data
Last modified: 2016-07-15 07:55:59 UTC
https://fedorahosted.org/freeipa/ticket/5153 Reported by: alich We might need more string checks for non-printable characters (same issue with \177 - DEL). VERSION: 4.2.90.201507201402GIT37b1af9, API_VERSION: 2.146 Affected: openSUSE:Factory/freeipa available on Tumbleweed: No OBS bugowner found. Assign to last committer Howard Guo. References: https://bugzilla.redhat.com/show_bug.cgi?id=1252567 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5179
bugbot adjusting priority
Redhat seems to have planned to address the issue in a future release of FreeIPA. I will keep track of their progress and upgrade the package as soon as a fix is available.
freeipa has been removed from tw.
sorry, didn't get a chance to resolve the issue before running out of time on a freeipa upgrade.