Fedora alert FEDORA-2013-9258 (pki-tps)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 17 Update: pki-tps-9.0.11-1.fc17
Date:  Thu, 06 Jun 2013 01:41:43 +0000
Message-ID:  <20130606014142.5F47821A1F@bastion01.phx2.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-9258
2013-05-26 02:08:23
--------------------------------------------------------------------------------

Name        : pki-tps
Product     : Fedora 17
Version     : 9.0.11
Release     : 1.fc17
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Token Processing System
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Token Processing System (TPS) is an optional PKI subsystem that acts
as a Registration Authority (RA) for authenticating and processing
enrollment requests, PIN reset requests, and formatting requests from
the Enterprise Security Client (ESC).

TPS is designed to communicate with tokens that conform to
Global Platform's Open Platform Specification.

TPS communicates over SSL with various PKI backend subsystems (including
the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
Token Key Service (TKS)) to fulfill the user's requests.

TPS also interacts with the token database, an LDAP server that stores
information about individual tokens.

For deployment purposes, a TPS requires the following components from the PKI
Core package:

  * pki-setup
  * pki-native-tools
  * pki-selinux

and can also make use of the following optional components from the PKI CORE
package:

  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the following
"Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================
${overview}

--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #923039 - (CVE-2013-1885) Certificate System: pki-tps XSS flaw,
Bugzilla Bug #924870 - (CVE-2013-1886) Certificate System: pki-tps format string injection
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 24 2013 Andrew Wnuk <awnuk@redhat.com> 9.0.11-1
- Bugzilla Bug #903401 - TMS: RSA token enrollment failed : public key decode
- Bugzilla Bug #923039 - (CVE-2013-1885) Certificate System: pki-tps XSS flaw
- Bugzilla Bug #924870 - (CVE-2013-1886) Certificate System: pki-tps format
  string injection
* Thu Dec  6 2012 Jack Magne <jmagne@rehdat.com> 9.0.10-1
- Bugzilla Bug #863272 - rhcs81 tps httpd segfault on interrupted token format
  operations.
- - Bugzilla Bug #864607 - Empty certificate search in TPS results in
  httpd.worker segmentation fault then server error.
* Tue Oct 30 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.9-1
- New official build
- Changes to allow tps to start correctly - (alee)
- TMS - ECC Key Recovery - ticket #252 (cfu)
- Provide default for operations transition list, related #858816 - (jmagne)
- TMS ECC infrastructure - ticket #304 (cfu)
* Wed Aug 22 2012 Ade Lee <alee@redhat.com> 9.0.8-1
- Added systemd scripts
* Tue Aug  7 2012 Nathan Kinder <nkinder@redhat.com> 9.0.7-4
- The API changed between httpd 2.2 and 2.4.  We now need to
  pass the module index to ap_log_error() when calling it.  The
  remote_ip member of the connection struct also was renamed
  to client_ip. (Patch for Fedora 18 only)
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.0.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #923039 - CVE-2013-1885 Certificate System: pki-tps XSS flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=923039
  [ 2 ] Bug #924870 - CVE-2013-1886 Certificate System: pki-tps format string injection
        https://bugzilla.redhat.com/show_bug.cgi?id=924870
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update pki-tps' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds