ELSA-2018-1979

Published: 27 Jun 2018
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2018-1979: pki-core security, bug fix, and enhancement update (MODERATE)

[10.5.1-13.1]

  • Rebuild due to build system database problem

[10.5.1-13]

RHEL 7.5:

  • Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certificate [rhel-7.5.z] (ftweedal)
  • Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)
  • Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata)
  • Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu)
  • Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu)

RHCS 9.3:

  • Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

[10.5.1-12]

  • Updated 'jss' build and runtime requirements (mharmsen)

RHEL 7.5:

  • Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata)
  • Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne)
  • Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)

RHCS 9.3:

  • Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,

[10.5.1-11]

RHEL 7.5:

  • Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)

RHCS 9.3:

  • Bugzilla Bug #1560233 - libtps does not directly depend on libz

[10.5.1-10]

RHEL 7.5:

  • Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata)
  • Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen)
  • Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certificate [rhel-7.5.z] (ftweedal)
  • Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu)
  • Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
  • Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal)
  • Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat)

RHCS 9.3:

  • Bugzilla Bug #1560233 - libtps does not directly depend on libz

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  • pki-base 10.5.1-13.1.el7_5
  • pki-base-java 10.5.1-13.1.el7_5
  • pki-ca 10.5.1-13.1.el7_5
  • pki-javadoc 10.5.1-13.1.el7_5
  • pki-kra 10.5.1-13.1.el7_5
  • pki-server 10.5.1-13.1.el7_5
  • pki-symkey 10.5.1-13.1.el7_5
  • pki-tools 10.5.1-13.1.el7_5

Oracle Linux x86_64

  • pki-base 10.5.1-13.1.el7_5
  • pki-base-java 10.5.1-13.1.el7_5
  • pki-ca 10.5.1-13.1.el7_5
  • pki-javadoc 10.5.1-13.1.el7_5
  • pki-kra 10.5.1-13.1.el7_5
  • pki-server 10.5.1-13.1.el7_5
  • pki-symkey 10.5.1-13.1.el7_5
  • pki-tools 10.5.1-13.1.el7_5

Related CVEs

Related vulnerabilities

CVE-2018-1080 (referenced in Bugzilla Bug #1589307 above)

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.

The same description is carried by the following sources, with their scores and publication age:

  • ubuntu: CVSS3 7.5, more than 7 years ago
  • redhat: CVSS3 7.5, more than 7 years ago
  • nvd: CVSS3 7.5, more than 7 years ago
  • debian: CVSS3 7.5, more than 7 years ago
  • github: CVSS3 8.1, more than 3 years ago