ELSA-2022-7086

Published: 24 Oct 2022
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2022-7086: pki-core security update (MODERATE)

[10.5.18-23]

  RHEL 7.9 (Batch Update 18):
  • Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
  • Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)

  RHCS 9.7 (Batch Update 18):
  • Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen)
  • Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

[10.5.18-22]

  RHEL 7.9 (Batch Update 17):
  • Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
  • Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)

  RHCS 9.7 (Batch Update 17):
  • Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen)
  • Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  • pki-base 10.5.18-23.el7_9
  • pki-base-java 10.5.18-23.el7_9
  • pki-ca 10.5.18-23.el7_9
  • pki-javadoc 10.5.18-23.el7_9
  • pki-kra 10.5.18-23.el7_9
  • pki-server 10.5.18-23.el7_9
  • pki-symkey 10.5.18-23.el7_9
  • pki-tools 10.5.18-23.el7_9

Oracle Linux x86_64

  • pki-base 10.5.18-23.el7_9
  • pki-base-java 10.5.18-23.el7_9
  • pki-ca 10.5.18-23.el7_9
  • pki-javadoc 10.5.18-23.el7_9
  • pki-kra 10.5.18-23.el7_9
  • pki-server 10.5.18-23.el7_9
  • pki-symkey 10.5.18-23.el7_9
  • pki-tools 10.5.18-23.el7_9

Related CVEs

Related vulnerabilities

CVSS3: 5.7
ubuntu
about 3 years ago

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

CVSS3: 7.6
redhat
about 3 years ago

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

CVSS3: 5.7
nvd
about 3 years ago

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

CVSS3: 5.7
debian
about 3 years ago

A flaw was found in pki-core, which could allow a user to get a certif ...

CVSS3: 5.7
github
about 3 years ago

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.