Описание
ELSA-2019-3067: jss security update (IMPORTANT)
- Thu Sep 12 2019 Dogtag PKI Team <pki-devel@redhat.com 4.4.6-3
- NVR bump
[4.4.6-2]
- Bugzilla #1747966 - CVE 2019-14823 jss: OCSP policy 'Leaf and Chain' implicitly trusts the root certificate
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
jss
4.4.6-3.el7_7
jss-javadoc
4.4.6-3.el7_7
Oracle Linux x86_64
jss
4.4.6-3.el7_7
jss-javadoc
4.4.6-3.el7_7
Связанные CVE
Связанные уязвимости
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
A flaw was found in the "Leaf and Chain" OCSP policy implementation in ...
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.