Описание
Important: pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
-
tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)
-
tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
-
tomcat: Open redirect in default servlet (CVE-2018-11784)
-
tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 1579611
- Red Hat - 1607580
- Red Hat - 1607582
- Red Hat - 1636512
