Headline

RHSA-2023:2293: Red Hat Security Advisory: pki-core security, bug fix, and enhancement update

An update for jss, ldapjdk, pki-core, and tomcatjss is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #java #kubernetes #ldap #aws #auth #ibm

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
Red Hat CodeReady Workspaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2023-05-09

Updated:

2023-05-09

RHSA-2023:2293 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: pki-core security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for jss, ldapjdk, pki-core, and tomcatjss is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

BZ - 1849834 - [RFE] Provide EST Responder (RFC 7030)
BZ - 1883477 - [RFE] Automatic expired certificate purging
BZ - 2017098 - pki pkcs12-cert-add command failing with ‘Unable to validate PKCS #12 file: Digests do not match’ exception
BZ - 2087105 - CA installation failing with HSM [RHEL 9.2]
BZ - 2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied
BZ - 2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision
BZ - 2101046 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
BZ - 2106452 - softhsm2: Unable to create cert: Private key not found
BZ - 2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
BZ - 2123379 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled [rhel-9.2.0]
BZ - 2149478 - Rebase jss to upstream JSS 5.3
BZ - 2149485 - Rebase tomcatjss to Tomcat JSS 8.3
BZ - 2149488 - Rebase ldapjdk to LDAP SDK 5.3
BZ - 2149489 - Rebase pki-core to PKI 11.3

References

https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

jss-5.3.0-1.el9.src.rpm

SHA-256: be153704751840f2799d0b6b974ae866ddd5084dd164e4972aa152e09b17c3da

ldapjdk-5.3.0-1.el9.src.rpm

SHA-256: 31937ad811b2a17ff649bf2c2bad520e1618a4cdbc183bc90596425d54666dec

pki-core-11.3.0-1.el9.src.rpm

SHA-256: 741963f12635442fec0f72aaa1bfcef0b8bd50911a35f77d1a566094ab25bdc0

tomcatjss-8.3.0-1.el9.src.rpm

SHA-256: 193f3d1836c382eed8339c58e4e25fc8789c69388ec968bbe93dd86972152a68

x86_64

idm-jss-5.3.0-1.el9.x86_64.rpm

SHA-256: e4cb4db51689dee15a7aba975ddc5b02140f2f1b8f48a05d81f0ad38895d1ba6

idm-jss-debuginfo-5.3.0-1.el9.x86_64.rpm

SHA-256: 60470117ac4cc96cf01bcce5c0349900bcd8b940850fc22229e37a095bbab505

idm-ldapjdk-5.3.0-1.el9.noarch.rpm

SHA-256: c519d18bcec95be5a4664e1384b51d42295fb33b8249decef7e232dae6a4dfe4

idm-pki-acme-11.3.0-1.el9.noarch.rpm

SHA-256: 60e79e3a20026b1f301d994b8a3e2570e855f3903cf8c37ad405f9dfdeb3a5d8

idm-pki-base-11.3.0-1.el9.noarch.rpm

SHA-256: e8ef0cdcaf7fd2836c63d19070d808c21ca5ec7f4d7869697a1088beb38c82a3

idm-pki-ca-11.3.0-1.el9.noarch.rpm

SHA-256: 66e6f0ec22213bc25cb30c3d1a8940a52ccad62015e2c631d6d5a7715a9ee3fe

idm-pki-est-11.3.0-1.el9.noarch.rpm

SHA-256: c86297be3c1213850285ccb6b2c198f9856a29c39291bada1e54050fdbf09004

idm-pki-java-11.3.0-1.el9.noarch.rpm

SHA-256: 3fca493f7a4b8d4c1616228f9ecb7df369195dfe2c635b971344943de11606ad

idm-pki-kra-11.3.0-1.el9.noarch.rpm

SHA-256: f7c80f6078287eb3f2636c35f153357afa62b6d3d6548413e5de537dd79d0216

idm-pki-server-11.3.0-1.el9.noarch.rpm

SHA-256: bdafac0035c2b8eec6e5d7f215860926e986f9bc5d44549dc44950732ac6c362

idm-pki-tools-11.3.0-1.el9.x86_64.rpm

SHA-256: 1d61b1eb311a7ffd769b7bc081bd048a0412f7533004bc351efc3c6d893e402f

idm-tomcatjss-8.3.0-1.el9.noarch.rpm

SHA-256: bde8631c5e941354fdcad22c4aaede7867112e93b6f6e7fa61d83646964a27b1

jss-debugsource-5.3.0-1.el9.x86_64.rpm

SHA-256: 8608ebb9494363cfe229256cdb95598f8038b114fbe03967ae64d8a7ad540432

python3-idm-pki-11.3.0-1.el9.noarch.rpm

SHA-256: 210d9919802821266f0ef3a3fa73aaaf9575b5557ec603bb8943dfafe248d7bf

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

jss-5.3.0-1.el9.src.rpm

SHA-256: be153704751840f2799d0b6b974ae866ddd5084dd164e4972aa152e09b17c3da

ldapjdk-5.3.0-1.el9.src.rpm

SHA-256: 31937ad811b2a17ff649bf2c2bad520e1618a4cdbc183bc90596425d54666dec

pki-core-11.3.0-1.el9.src.rpm

SHA-256: 741963f12635442fec0f72aaa1bfcef0b8bd50911a35f77d1a566094ab25bdc0

tomcatjss-8.3.0-1.el9.src.rpm

SHA-256: 193f3d1836c382eed8339c58e4e25fc8789c69388ec968bbe93dd86972152a68

s390x

idm-jss-5.3.0-1.el9.s390x.rpm

SHA-256: 03e90ba0ec0be724b44ce9d67e0d1f21cd2955c84c1099102385253a3b01ff72

idm-jss-debuginfo-5.3.0-1.el9.s390x.rpm

SHA-256: b8314b0eb7ede99fbed48257d9050a06b1bb777c1ba24ddc97bf9dc97db8ddba

idm-ldapjdk-5.3.0-1.el9.noarch.rpm

SHA-256: c519d18bcec95be5a4664e1384b51d42295fb33b8249decef7e232dae6a4dfe4

idm-pki-acme-11.3.0-1.el9.noarch.rpm

SHA-256: 60e79e3a20026b1f301d994b8a3e2570e855f3903cf8c37ad405f9dfdeb3a5d8

idm-pki-base-11.3.0-1.el9.noarch.rpm

SHA-256: e8ef0cdcaf7fd2836c63d19070d808c21ca5ec7f4d7869697a1088beb38c82a3

idm-pki-ca-11.3.0-1.el9.noarch.rpm

SHA-256: 66e6f0ec22213bc25cb30c3d1a8940a52ccad62015e2c631d6d5a7715a9ee3fe

idm-pki-est-11.3.0-1.el9.noarch.rpm

SHA-256: c86297be3c1213850285ccb6b2c198f9856a29c39291bada1e54050fdbf09004

idm-pki-java-11.3.0-1.el9.noarch.rpm

SHA-256: 3fca493f7a4b8d4c1616228f9ecb7df369195dfe2c635b971344943de11606ad

idm-pki-kra-11.3.0-1.el9.noarch.rpm

SHA-256: f7c80f6078287eb3f2636c35f153357afa62b6d3d6548413e5de537dd79d0216

idm-pki-server-11.3.0-1.el9.noarch.rpm

SHA-256: bdafac0035c2b8eec6e5d7f215860926e986f9bc5d44549dc44950732ac6c362

idm-pki-tools-11.3.0-1.el9.s390x.rpm

SHA-256: 999a2527e07c72081c8046b9f1c488f1b81db085f3422b9191b88afe5647d611

idm-tomcatjss-8.3.0-1.el9.noarch.rpm

SHA-256: bde8631c5e941354fdcad22c4aaede7867112e93b6f6e7fa61d83646964a27b1

jss-debugsource-5.3.0-1.el9.s390x.rpm

SHA-256: 854b741be28ee729af333abe70968ebd6576e9293569b6521504a008cba1215f

python3-idm-pki-11.3.0-1.el9.noarch.rpm

SHA-256: 210d9919802821266f0ef3a3fa73aaaf9575b5557ec603bb8943dfafe248d7bf

Red Hat Enterprise Linux for Power, little endian 9

SRPM

jss-5.3.0-1.el9.src.rpm

SHA-256: be153704751840f2799d0b6b974ae866ddd5084dd164e4972aa152e09b17c3da

ldapjdk-5.3.0-1.el9.src.rpm

SHA-256: 31937ad811b2a17ff649bf2c2bad520e1618a4cdbc183bc90596425d54666dec

pki-core-11.3.0-1.el9.src.rpm

SHA-256: 741963f12635442fec0f72aaa1bfcef0b8bd50911a35f77d1a566094ab25bdc0

tomcatjss-8.3.0-1.el9.src.rpm

SHA-256: 193f3d1836c382eed8339c58e4e25fc8789c69388ec968bbe93dd86972152a68

ppc64le

idm-jss-5.3.0-1.el9.ppc64le.rpm

SHA-256: 7d4c788eab837ffdee17db64a904ccb2f49be736feac49ddde3c523009efc7d1

idm-jss-debuginfo-5.3.0-1.el9.ppc64le.rpm

SHA-256: 1699d3a3d04f4908892a5519600ffa2e8e86396733d27744818438163f07c819

idm-ldapjdk-5.3.0-1.el9.noarch.rpm

SHA-256: c519d18bcec95be5a4664e1384b51d42295fb33b8249decef7e232dae6a4dfe4

idm-pki-acme-11.3.0-1.el9.noarch.rpm

SHA-256: 60e79e3a20026b1f301d994b8a3e2570e855f3903cf8c37ad405f9dfdeb3a5d8

idm-pki-base-11.3.0-1.el9.noarch.rpm

SHA-256: e8ef0cdcaf7fd2836c63d19070d808c21ca5ec7f4d7869697a1088beb38c82a3

idm-pki-ca-11.3.0-1.el9.noarch.rpm

SHA-256: 66e6f0ec22213bc25cb30c3d1a8940a52ccad62015e2c631d6d5a7715a9ee3fe

idm-pki-est-11.3.0-1.el9.noarch.rpm

SHA-256: c86297be3c1213850285ccb6b2c198f9856a29c39291bada1e54050fdbf09004

idm-pki-java-11.3.0-1.el9.noarch.rpm

SHA-256: 3fca493f7a4b8d4c1616228f9ecb7df369195dfe2c635b971344943de11606ad

idm-pki-kra-11.3.0-1.el9.noarch.rpm

SHA-256: f7c80f6078287eb3f2636c35f153357afa62b6d3d6548413e5de537dd79d0216

idm-pki-server-11.3.0-1.el9.noarch.rpm

SHA-256: bdafac0035c2b8eec6e5d7f215860926e986f9bc5d44549dc44950732ac6c362

idm-pki-tools-11.3.0-1.el9.ppc64le.rpm

SHA-256: 24ade7223ed96645aac8fdb5ee57f23303204ee978d578a0ecfe76eb49dfe319

idm-tomcatjss-8.3.0-1.el9.noarch.rpm

SHA-256: bde8631c5e941354fdcad22c4aaede7867112e93b6f6e7fa61d83646964a27b1

jss-debugsource-5.3.0-1.el9.ppc64le.rpm

SHA-256: 01986e74a66d283a1edf5019549edee3805861e01eb7be6d1e7fe993f82acb17

python3-idm-pki-11.3.0-1.el9.noarch.rpm

SHA-256: 210d9919802821266f0ef3a3fa73aaaf9575b5557ec603bb8943dfafe248d7bf

Red Hat Enterprise Linux for ARM 64 9

SRPM

jss-5.3.0-1.el9.src.rpm

SHA-256: be153704751840f2799d0b6b974ae866ddd5084dd164e4972aa152e09b17c3da

ldapjdk-5.3.0-1.el9.src.rpm

SHA-256: 31937ad811b2a17ff649bf2c2bad520e1618a4cdbc183bc90596425d54666dec

pki-core-11.3.0-1.el9.src.rpm

SHA-256: 741963f12635442fec0f72aaa1bfcef0b8bd50911a35f77d1a566094ab25bdc0

tomcatjss-8.3.0-1.el9.src.rpm

SHA-256: 193f3d1836c382eed8339c58e4e25fc8789c69388ec968bbe93dd86972152a68

aarch64

idm-jss-5.3.0-1.el9.aarch64.rpm

SHA-256: 03b4ce94ba9a5c8fc654cb045e62ce183ec2442c5ee882da39d76ce94f7b8999

idm-jss-debuginfo-5.3.0-1.el9.aarch64.rpm

SHA-256: f628aeb2590e21dac2056e1c436293b5e6d717badd326d38e9d12f4457bb1d54

idm-ldapjdk-5.3.0-1.el9.noarch.rpm

SHA-256: c519d18bcec95be5a4664e1384b51d42295fb33b8249decef7e232dae6a4dfe4

idm-pki-acme-11.3.0-1.el9.noarch.rpm

SHA-256: 60e79e3a20026b1f301d994b8a3e2570e855f3903cf8c37ad405f9dfdeb3a5d8

idm-pki-base-11.3.0-1.el9.noarch.rpm

SHA-256: e8ef0cdcaf7fd2836c63d19070d808c21ca5ec7f4d7869697a1088beb38c82a3

idm-pki-ca-11.3.0-1.el9.noarch.rpm

SHA-256: 66e6f0ec22213bc25cb30c3d1a8940a52ccad62015e2c631d6d5a7715a9ee3fe

idm-pki-est-11.3.0-1.el9.noarch.rpm

SHA-256: c86297be3c1213850285ccb6b2c198f9856a29c39291bada1e54050fdbf09004

idm-pki-java-11.3.0-1.el9.noarch.rpm

SHA-256: 3fca493f7a4b8d4c1616228f9ecb7df369195dfe2c635b971344943de11606ad

idm-pki-kra-11.3.0-1.el9.noarch.rpm

SHA-256: f7c80f6078287eb3f2636c35f153357afa62b6d3d6548413e5de537dd79d0216

idm-pki-server-11.3.0-1.el9.noarch.rpm

SHA-256: bdafac0035c2b8eec6e5d7f215860926e986f9bc5d44549dc44950732ac6c362

idm-pki-tools-11.3.0-1.el9.aarch64.rpm

SHA-256: 546223527861b7126b6450dfe98e5046d9712e5928495b4642acc70055e73c29

idm-tomcatjss-8.3.0-1.el9.noarch.rpm

SHA-256: bde8631c5e941354fdcad22c4aaede7867112e93b6f6e7fa61d83646964a27b1

jss-debugsource-5.3.0-1.el9.aarch64.rpm

SHA-256: bcc7a1919bb8d9edc4f5d94dd6296b851a315bd1b67e7c73efbccadd3671232e

python3-idm-pki-11.3.0-1.el9.noarch.rpm

SHA-256: 210d9919802821266f0ef3a3fa73aaaf9575b5557ec603bb8943dfafe248d7bf

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-3394-01

Red Hat Security Advisory 2023-3394-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

1 year ago

Packet Storm

Open in Source

#vulnerability #linux #red_hat #js #java #ldap

RHSA-2023:3394: Red Hat Security Advisory: pki-core:10.6 security update

An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able t...

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #linux #red_hat #js #java #ldap #auth #ibm #sap

Red Hat Security Advisory 2022-7086-01

Red Hat Security Advisory 2022-7086-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

1 year ago

Packet Storm

Open in Source

#vulnerability #linux #red_hat #js #java

RHSA-2022:7086: Red Hat Security Advisory: pki-core security update

An update for pki-core is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2393: pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #java #kubernetes #aws #ibm

Red Hat Security Advisory 2022-7077-01

Red Hat Security Advisory 2022-7077-01 - Updated CVE security packages are now available for Red Hat Certificate System 9.7.

1 year ago

Packet Storm

Open in Source

#vulnerability #red_hat #js

RHSA-2022:7077: Red Hat Security Advisory: Red Hat Certificate System 9.7 CVE bug fix update

Updated CVE security packages are now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References sectionThis content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2393: pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #java #kubernetes #aws

CVE-2022-2393: Invalid Bug ID

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

2 years ago

CVE

Open in Source

#auth