MGASA-2020-0018 - Updated jss packages fix security vulnerability

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0018.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-14823

Updated jss packages fix security vulnerability:

A flaw was found in the "Leaf and Chain" OCSP policy implementation in
JSS CryptoManager, where it implicitly trusted the root certificate of
a certificate chain. Applications using this policy may not properly
verify the chain and could be vulnerable to attacks such as Man in the
Middle (CVE-2019-14823).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25958
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14823

SRPMS:
- 7/core/jss-4.6.2-1.mga7