HCE1-SA-2022-0011 Important HCE 1.1 Security Fix(es): A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719) In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. (CVE-2020-11023) HCE 1.1 ipa-client-4.6.8-5.hce1c.11.x86_64.rpm ipa-client-common-4.6.8-5.hce1c.11.noarch.rpm ipa-common-4.6.8-5.hce1c.11.noarch.rpm ipa-server-4.6.8-5.hce1c.11.x86_64.rpm ipa-server-common-4.6.8-5.hce1c.11.noarch.rpm ipa-server-dns-4.6.8-5.hce1c.11.noarch.rpm ipa-server-trust-ad-4.6.8-5.hce1c.11.x86_64.rpm python2-ipaclient-4.6.8-5.hce1c.11.noarch.rpm python2-ipalib-4.6.8-5.hce1c.11.noarch.rpm python2-ipaserver-4.6.8-5.hce1c.11.noarch.rpm