Описание
ELSA-2023-2293: pki-core security, bug fix, and enhancement update (MODERATE)
jss [5.3.0-1]
- Rebase to JSS 5.3.0
[5.3.0-0.3.beta2]
- Rebase to JSS 5.3.0-beta2
- Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception
[5.3.0-0.2.beta1]
- Rebase to JSS 5.3.0-beta1
ldapjdk [5.3.0-1]
- Rebase to LDAP SDK 5.3.0
[5.3.0-0.2.beta1]
- Rebase to LDAP SDK 5.3.0-beta1
pki-core [11.3.0-1.0.1]
- Replaced upstream graphical references [Orabug: 33952704]
[11.3.0-1]
- Rebase to PKI 11.3.0
- Bug #2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied
- Bug #2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
[11.3.0-0.2.beta1]
- Rebase to PKI 11.3.0-beta1
- Bug #1849834 - [RFE] Provide EST Responder (RFC 7030)
- Bug #1883477 - [RFE] Automatic expired certificate purging
- Bug #2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision
- Bug #2106452 - softhsm2: Unable to create cert: Private key not found
- Bug #2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygen_DirUserCert profile
[11.2.1-1]
- Rebase to PKI 11.2.1
- Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0]
[11.2.0-1]
- Rebase to PKI 11.2.0
- Bug #2084639 ipa cert-request ssl error
- Bug #2099312 SKI field is not reflected back in generated CSR
- Bug #2095197 PKI cert-fix operation failing
[11.2.0-0.4.beta3]
- Rebase to PKI 11.2.0-beta3
- Bug #2062808 Drop SHA-1 use from authentication challenges [rhel-9.1.0]
[11.2.0-0.3.beta2]
- Rebase to PKI 11.2.0-beta2
- Rename packages to idm-pki
[11.2.0-0.2.beta1]
- Rebase to PKI 11.2.0-beta1
[11.0.3-1]
- Bug #2033109 Invalid certificates with creation of subCA (pkispawn single step)[rhel-9.0.0]
- Bug #2013141 kra-key-retrieve failed to accept xml input format to generate .p12 key through cli
- Bug #2029838 SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser
[11.0.1-3]
- Change gcc compiler flags to fix annobin gating failures
[11.0.1-2]
- Rebase to PKI 11.0.1
[11.0.0-1]
- Rebase to PKI 11.0.0
[11.0.0-0.6.beta1]
- Rebase to PKI 11.0.0-beta1
- Bug #1999052 - pki instance creation fails for IPA server
[11.0.0-0.5.alpha1]
- Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl Resolves #2002594
[11.0.0-0.4.alpha1]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
[11.0.0-0.3]
- Drop sudo dependency
[11.0.0-0.2]
- Resolves: rhbz#1975406 - IPA installation fails during pki-tomcatd setup.
[11.0.0-0.1]
- Rebase to PKI 11.0.0-alpha1
[10.11.0-0.1]
- Rebase to PKI 10.11.0-alpha1
tomcatjss [8.3.0-1]
- Rebase to Tomcat JSS 8.3.0
[8.3.0-0.2.beta1]
- Rebase to Tomcat JSS 8.3.0-beta1
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
idm-jss
5.3.0-1.el9
idm-ldapjdk
5.3.0-1.el9
idm-pki-acme
11.3.0-1.0.1.el9
idm-pki-base
11.3.0-1.0.1.el9
idm-pki-ca
11.3.0-1.0.1.el9
idm-pki-est
11.3.0-1.0.1.el9
idm-pki-java
11.3.0-1.0.1.el9
idm-pki-kra
11.3.0-1.0.1.el9
idm-pki-server
11.3.0-1.0.1.el9
idm-pki-tools
11.3.0-1.0.1.el9
idm-tomcatjss
8.3.0-1.el9
python3-idm-pki
11.3.0-1.0.1.el9
Oracle Linux x86_64
idm-jss
5.3.0-1.el9
idm-ldapjdk
5.3.0-1.el9
idm-pki-acme
11.3.0-1.0.1.el9
idm-pki-base
11.3.0-1.0.1.el9
idm-pki-ca
11.3.0-1.0.1.el9
idm-pki-est
11.3.0-1.0.1.el9
idm-pki-java
11.3.0-1.0.1.el9
idm-pki-kra
11.3.0-1.0.1.el9
idm-pki-server
11.3.0-1.0.1.el9
idm-pki-tools
11.3.0-1.0.1.el9
idm-tomcatjss
8.3.0-1.el9
python3-idm-pki
11.3.0-1.0.1.el9
Связанные CVE
Связанные уязвимости
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
A flaw was found in pki-core, which could allow a user to get a certif ...
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.