MGASA-2020-0018 - Updated jss packages fix security vulnerability

Publication date: 05 Jan 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-14823

Updated jss packages fix security vulnerability:

A flaw was found in the "Leaf and Chain" OCSP policy implementation in
JSS CryptoManager, where it implicitly trusted the root certificate of
a certificate chain. Applications using this policy may not properly
verify the chain and could be vulnerable to attacks such as Man in the
Middle (CVE-2019-14823).

-[email protected]/thread/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/

- 7/core/jss-4.6.2-1.mga7