Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Red Hat 9.7 RHSA-2022:7077-01 Moderate: Security Fix for Certificate System

red hat
Calendar Grey October 24, 2022
Dist Redhat Esm H88
Red Hat has issued a notification for Certificate System version 9.7, concerning a moderate vulnerability. More information below.
Updated CVE security packages are now available for Red Hat Certificate System 9.7

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] [BZ #2111493]
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2022-2393 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7:
Source: pki-core-10.5.18-23.el7pki.src.rpm redhat-pki-theme-10.5.18-15.el7pki.src.rpm
noarch: pki-ocsp-10.5.18-23.el7pki.noarch.rpm pki-tks-10.5.18-23.el7pki.noarch.rpm redhat-pki-console-theme-10.5.18-15.el7pki.noarch.rpm redhat-pki-server-theme-10.5.18-15.el7pki.noarch.rpm
x86_64: pki-core-debuginfo-10.5.18-23.el7pki.x86_64.rpm pki-tps-10.5.18-23.el7pki.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2022:7077-01
Product: Red Hat Certificate System
Issue date: 2022-10-24

Topic

Updated CVE security packages are now available for Red Hat CertificateSystem 9.7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section

Relevant Releases Architectures

Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7 - noarch, x86_64

Bugs Fixed

2101046 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.