Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:7470

Опубликовано: 08 нояб. 2022
Источник: rocky
Оценка: Important

Описание

Important: pki-core:10.6 and pki-deps:10.6 security and bug fix update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.

Security Fix(es):

  • pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
apache-commons-collectionsnoarch10.module+el8.3.0+53+ea062990apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm
apache-commons-langnoarch21.module+el8.3.0+53+ea062990apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm
apache-commons-netnoarch3.module+el8.3.0+53+ea062990apache-commons-net-3.6-3.module+el8.3.0+53+ea062990.noarch.rpm
bea-stax-apinoarch16.module+el8.3.0+53+ea062990bea-stax-api-1.2.0-16.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-fastinfosetnoarch9.module+el8.3.0+53+ea062990glassfish-fastinfoset-1.2.13-9.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-apinoarch8.module+el8.3.0+53+ea062990glassfish-jaxb-api-2.2.12-8.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-corenoarch11.module+el8.3.0+53+ea062990glassfish-jaxb-core-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-runtimenoarch11.module+el8.3.0+53+ea062990glassfish-jaxb-runtime-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-txw2noarch11.module+el8.3.0+53+ea062990glassfish-jaxb-txw2-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
jackson-annotationsnoarch1.module+el8.3.0+53+ea062990jackson-annotations-2.10.0-1.module+el8.3.0+53+ea062990.noarch.rpm

Показывать по

Связанные CVE

CVE-2022-2414

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-2414

CVSS3: 7.5
ubuntu
почти 3 года назад

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

redhat логотип

CVE-2022-2414

CVSS3: 7.5
redhat
около 3 лет назад

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

nvd логотип

CVE-2022-2414

CVSS3: 7.5
nvd
почти 3 года назад

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

debian логотип

CVE-2022-2414

CVSS3: 7.5
debian
почти 3 года назад

Access to external entities when parsing XML documents can lead to XML ...

redos логотип

ROS-20230418-04

CVSS3: 7.5
redos
около 2 лет назад

Уязвимость pki-core