Описание
ELSA-2021-2235: pki-core:10.6 security update (IMPORTANT)
pki-core [10.10.5-3.0.1]
- Remove upstream reference.
[10.10.5-3]
- Bug 1960146 - CVE-2021-3551 Dogtag installer 'pkispawn' logs admin credentials into a world-readable log file
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module pki-core:10.6 is enabled
jss
4.8.1-2.module+el8.4.0+20154+9830f79e
jss-javadoc
4.8.1-2.module+el8.4.0+20154+9830f79e
ldapjdk
4.22.0-1.module+el8.3.0+7857+983338ee
ldapjdk-javadoc
4.22.0-1.module+el8.3.0+7857+983338ee
pki-acme
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-base
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-base-java
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-ca
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-kra
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-server
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-symkey
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-tools
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
python3-pki
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
tomcatjss
7.6.1-1.module+el8.4.0+20053+7cddd5b6
Oracle Linux x86_64
Module pki-core:10.6 is enabled
jss
4.8.1-2.module+el8.4.0+20154+9830f79e
jss-javadoc
4.8.1-2.module+el8.4.0+20154+9830f79e
ldapjdk
4.22.0-1.module+el8.3.0+7857+983338ee
ldapjdk-javadoc
4.22.0-1.module+el8.3.0+7857+983338ee
pki-acme
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-base
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-base-java
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-ca
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-kra
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-server
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-symkey
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
pki-tools
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
python3-pki
10.10.5-3.0.1.module+el8.4.0+20181+8592f730
tomcatjss
7.6.1-1.module+el8.4.0+20053+7cddd5b6
Связанные CVE
Связанные уязвимости
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the PKI-server, where the spkispawn command, when ...
