Headline

RHSA-2023:3394: Red Hat Security Advisory: pki-core:10.6 security update

An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
CVE-2022-2414: A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #linux #red_hat #js #java #ldap #auth #ibm #sap

Synopsis

Important: pki-core:10.6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414)
pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

BZ - 2101046 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
BZ - 2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

jss-4.9.3-1.module+el8.6.0+14244+60d461b7.src.rpm

SHA-256: 07b06880a9dab59e89506d337ec4ddf19982c4e824aa7661f8c500aeaf079152

Download

ldapjdk-4.23.0-1.module+el8.5.0+11983+6ba118b4.src.rpm

SHA-256: 58a848cf23192bd02ab5db927ca346569505eeec7aca92f84bc557473e181830

Download

pki-core-10.12.7-1.module+el8.6.0+18623+dea80f17.src.rpm

SHA-256: 36bfbd27f679ec711f4a7e39c566a8f0fd9e37551c8869346be9fc620635330c

Download

tomcatjss-7.7.1-1.module+el8.6.0+13291+248751b1.src.rpm

SHA-256: 3316c321a8799fb1832eda0bbf9fbffe4ff84500dcbf593a13a26e86117b1e62

Download

x86_64

ldapjdk-4.23.0-1.module+el8.5.0+11983+6ba118b4.noarch.rpm

SHA-256: 5e4020e3b4cac3f48a9d267916bb729d518f5cc4c5dd5d3501997b9e36ab8f0e

Download

ldapjdk-javadoc-4.23.0-1.module+el8.5.0+11983+6ba118b4.noarch.rpm

SHA-256: 4024d30eac18efb7ddf337934e58da46fcdc3871e4ec5fbea0c6bd0d7548ddae

Download

pki-acme-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm

SHA-256: 654aef343ef848d76a94c86b16b77d2b069ec0f6e6d0e7afe0df20b867bf621f

Download

pki-base-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm

SHA-256: 0f7e1d8d7948875b3601609a18fb9006f312a3937352a772d3398932ec468306

Download

pki-base-java-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm

SHA-256: d96f3eff5fd58fddcc1c0b02bc7768249e091b5f42ee361db90e2b196c225915

Download

pki-ca-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm

SHA-256: 39b39065d32774a6bb977638f223b42580b7c487278c0db779af454ebf2ccf97

Download

pki-kra-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm

SHA-256: 85c5e409a5afaa907c1c0638cc97b85f4ad2faa01f06504941836a218178176a

Download

pki-server-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm

SHA-256: c07a7979e7fd74eca9e72f699b0d9c30f21bc0795081cd705ca9329d1f6e311c

Download

python3-pki-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm

SHA-256: 16d3f07038866e698a8d88a3a7e5263eb71eb7605e6738a83b8e7dec242570c3

Download

tomcatjss-7.7.1-1.module+el8.6.0+13291+248751b1.noarch.rpm

SHA-256: 1399f3b4eba8e1f14fa336436f4767633daab00890753f88457acbf1692ec9f8

Download

jss-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm

SHA-256: 9ce5568235409bcfe8cc136309519ef42f6ad7e5f9e796d7108894cd0dc6b16d

Download

jss-debuginfo-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm

SHA-256: d6fa4967d2a226af80a16aac088dfcaf9fdca7da717d629ff2319e1cfe2ff8a2

Download

jss-debugsource-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm

SHA-256: 8b706e3a8167a3c90c4623f80556a65114c5522d52f830661c2524d9ec7792b1

Download

jss-javadoc-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm

SHA-256: 29b3630ae067f10d40835fa08268d454d18bc729a4a58afd699278f1b3e3305a

Download

pki-core-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm

SHA-256: 62739efd46e83ad87b78ed2166f34f0304632d38508c56a6109f1ab0431c6a8f

Download

pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm

SHA-256: 2daa34f38fa5a98c933e642b37ed048ba5bbbf6c780e743953d5d4e4ad72b279

Download

pki-symkey-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm

SHA-256: 73325c8f85e6099dc9794e0809d2da49c5d905b0aa1b6cd672953038978ad360

Download

pki-symkey-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm

SHA-256: bc7e09fd958ae8e71d6cc10c0c8a5641410971ef4bc5fa478f26c24890ae9c7b

Download

pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm

SHA-256: af1ce044304dd9910d591f0038e5ec1a6cfcc7e5b0c6c73039f47cb9c72c23e9

Download

pki-tools-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm

SHA-256: 082868e8b919d308e3ca2083535f00942d0c739562cf863955d550c8d373e174

Download

Red Hat Enterprise Linux Server - AUS 8.6