Oracle alert ELSA-2024-4222 (pki-core)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2024-4222 Important: Oracle Linux 7 pki-core security update | |
| Date: | Wed, 03 Jul 2024 13:09:02 -0700 | |
| Message-ID: | <mailman.6.1720037351.5126.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2024-4222 http://linux.oracle.com/errata/ELSA-2024-4222.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: pki-base-10.5.18-32.el7_9.noarch.rpm pki-base-java-10.5.18-32.el7_9.noarch.rpm pki-ca-10.5.18-32.el7_9.noarch.rpm pki-javadoc-10.5.18-32.el7_9.noarch.rpm pki-kra-10.5.18-32.el7_9.noarch.rpm pki-server-10.5.18-32.el7_9.noarch.rpm pki-symkey-10.5.18-32.el7_9.x86_64.rpm pki-tools-10.5.18-32.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//pki-core-10.5.18... Related CVEs: CVE-2023-4727 Description of changes: [10.5.18-32] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.4): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.4): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-31] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.3): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.3): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-30] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.2): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.2): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-29] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.1): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.1): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-28] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata