Описание
ELSA-2017-2335: pki-core security update (MODERATE)
[10.4.1-11]
- Resolves: rhbz #1469432
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1469432 - CMC plugin default change
- Resolves CVE-2017-7537
- Fixes BZ #1470948
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
pki-base
10.4.1-11.el7
pki-base-java
10.4.1-11.el7
pki-ca
10.4.1-11.el7
pki-javadoc
10.4.1-11.el7
pki-kra
10.4.1-11.el7
pki-server
10.4.1-11.el7
pki-symkey
10.4.1-11.el7
pki-tools
10.4.1-11.el7
Связанные CVE
Связанные уязвимости
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
It was found that a mock CMC authentication plugin with a hardcoded se ...
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.