Ubuntu 7146-1: Dogtag PKI Security Advisory Updates

December 10, 2024
Several vulnerabilities fixed in Dogtag PKI for Ubuntu 22.04 and 16.04 LTS. Update recommended for security.

Summary

Several security issues were fixed in dogtag-pki.

Software Description:

- dogtag-pki: Dogtag Public Key Infrastructure (PKI) Suite

Details:

Christina Fu discovered that Dogtag PKI accidentally enabled a mock
authentication plugin by default. An attacker could potentially use
this flaw to bypass the regular authentication process and trick the
CA server into issuing certificates. This issue only affected Ubuntu
16.04 LTS. (CVE-2017-7537)

It was discovered that Dogtag PKI did not properly sanitize user
input. An attacker could possibly use this issue to perform cross site
scripting and obtain sensitive information. This issue only affected
Ubuntu 22.04 LTS. (CVE-2020-25715)

It was discovered that the XML parser did not properly handle entity
expansion. A remote attacker could potentially retrieve the content of
arbitrary files by sending specially crafted HTTP requests. This issue
only affected Ubuntu 16.04 LTS. (CVE-2022-2414)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  dogtag-pki                      11.0.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  pki-base                        11.0.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  pki-base-java                   11.0.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  pki-ca                          11.0.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  pki-server                      11.0.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  dogtag-pki                      10.2.6+git20160317-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  pki-base                        10.2.6+git20160317-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  pki-ca                          10.2.6+git20160317-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  pki-server                      10.2.6+git20160317-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
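
To confirm the update landed across a fleet, the following added example (not part of the advisory) compares collected `dpkg-query` output against the fixed versions in the table above. It implements Debian version ordering in Python so it runs without dpkg; on a host, `dpkg --compare-versions` performs the same comparison. The function names and the sample input are assumptions made for illustration.

```python
import re

# Fixed versions copied from the advisory's package table.
PKGS = ["dogtag-pki", "pki-base", "pki-ca", "pki-server"]
FIXED = {
    "22.04": dict.fromkeys(PKGS + ["pki-base-java"], "11.0.0-1ubuntu0.1~esm1"),
    "16.04": dict.fromkeys(PKGS, "10.2.6+git20160317-1ubuntu0.1~esm1"),
}

def _order(c):
    # Weight of a non-digit: '~' < end of string < letters < everything else.
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Debian ordering: alternate non-digit runs (by weight) and digit runs (numeric).
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(x, y):
    # -1, 0 or 1 as x is older than, equal to or newer than y.
    (ex, ux, rx), (ey, uy, ry) = _split(x), _split(y)
    return (ex > ey) - (ex < ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

def unpatched(release, dpkg_lines):
    # Advisory packages whose installed version is older than the fix.
    rows = (line.split() for line in dpkg_lines.splitlines())
    return [r[0] for r in rows if len(r) == 2 and r[0] in FIXED[release]
            and deb_cmp(r[1], FIXED[release][r[0]]) < 0]

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = "pki-ca 11.0.0-1\npki-server 11.0.0-1ubuntu0.1~esm1\npki-base 11.0.0-1ubuntu0.1"
```

Because `~` sorts before the end of the string, the `~esm1` builds compare as older than a plain `ubuntu0.1` revision, which is why a string or prefix match on the version is not a reliable check.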

References

https://ubuntu.com/security/notices/USN-7146-1

CVE-2017-7537, CVE-2020-25715, CVE-2022-2414

Severity
important