RedHat: RHSA-2022-8915:01 Important: Red Hat Certificate System 9.7
Summary
The Public Key Infrastructure (PKI) Core contains fundamental packages
required by Red Hat Certificate System.
Security Fix(es):
* pki-core: access to external entities when parsing XML can lead to XXE
(CVE-2022-2414)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Update RHCS version of CA, KRA, OCSP, and TKS so that it can be
identified using a browser [RHCS 9.7.z BU 19] (BZ#2136537)
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2022-2414 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7:
Source:
pki-core-10.5.18-24.el7pki.src.rpm
redhat-pki-theme-10.5.18-16.el7pki.src.rpm
noarch:
pki-ocsp-10.5.18-24.el7pki.noarch.rpm
pki-tks-10.5.18-24.el7pki.noarch.rpm
redhat-pki-console-theme-10.5.18-16.el7pki.noarch.rpm
redhat-pki-server-theme-10.5.18-16.el7pki.noarch.rpm
x86_64:
pki-core-debuginfo-10.5.18-24.el7pki.x86_64.rpm
pki-tps-10.5.18-24.el7pki.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update is now available for Red Hat Certificate System 9.7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7 - noarch, x86_64
Bugs Fixed
2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE