Mageia 7: 2020:0018 Critical: JSS Certificate Chain Trust Flaw
mageia
January 5, 2020
Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root cer...
Summary
Updated jss packages fix security vulnerability:
A flaw was found in the "Leaf and Chain" OCSP policy implementation in
JSS CryptoManager, where it implicitly trusted the root certificate of
a certificate chain. Applications using this policy may not properly
verify the chain and could be vulnerable to attacks such as Man in the
Middle (CVE-2019-14823).
References
- https://bugs.mageia.org/show_bug.cgi?id=25958
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/
- https://www.cve.org/CVERecord?id=CVE-2019-14823
Resolution
SRPMS
- 7/core/jss-4.6.2-1.mga7
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0018.html
Type: security
CVE: CVE-2019-14823
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!