Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
98
security advisorymoderatesecurity issueRed Hat 9.7 RHSA-2022:7077-01 Moderate: Security Fix for Certificate System
Updated CVE security packages are now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Certificate System 9.7 CVE bug fix update Advisory ID: RHSA-2022:7077-01 Product: Red Hat Certificate System Advisory URL: https://access.redhat.com/errata/RHSA-2022:7077 Issue date: 2022-10-24 CVE Names: CVE-2022-2393 ==================================================================== 1. Summary: Updated CVE security packages are now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section 2. Relevant releases/architectures: Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7 - noarch, x86_64 3. Description: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] [BZ #2111493] For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2101046 -CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field 6. Package List: Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7: Source: pki-core-10.5.18-23.el7pki.src.rpm redhat-pki-theme-10.5.18-15.el7pki.src.rpm noarch: pki-ocsp-10.5.18-23.el7pki.noarch.rpm pki-tks-10.5.18-23.el7pki.noarch.rpm redhat-pki-console-theme-10.5.18-15.el7pki.noarch.rpm redhat-pki-server-theme-10.5.18-15.el7pki.noarch.rpm x86_64: pki-core-debuginfo-10.5.18-23.el7pki.x86_64.rpm pki-tps-10.5.18-23.el7pki.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-2393 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1ZTUdzjgjWX9erEAQg+lA//ZN5z3MCWmSEwuQ8KUH64XoB3QTNO61ZQ 29uF1hFQwAWPvJvkVanoBtGUHYb99e/lfq9OuEueFQ+6VEA+w8G/P4wVM/MhhQmJ wdBeBMzNY/pl+6LcCxj7f5vEprGER7n0knZ1SoiThbuXGT/t30V9FaznEqft8GPy UG5xQ8teMSW6g5uU07D7EEeqsdwlBIOOFjdIUFK2qol+zjmM7mSFn1VoqBXCjFSS bRJzZ7NuhA11nZELBPLz7gklFo0tIc09bKaoIPOY6lq8sp7Z5jARNqc0YvXaWOMT ai6s2oBn1rQkiWcRFKNO5tGLm+vx3N46yLkZBUVO/xAGaJ1JKF+gtKJPTZ+UDGMx HGVb0OWMbQZxZcRzoEiRCfD19WVHS+dDl0kWAFjD4xHagrG1Crzjx52vnWgdquSn gxoxVL1HzhNfBCmgq1x6IkbCNKNa5Hdd/38a43gKvvoVPH9r5aMA+uExdYmTu1ca 9ORDgc+1KaPOfrA6v8RyYo3rPpnKEiEWhYl8NPlKwMjEfoed+obzRAUwPO7H8/PC WHUcY/b51+EnFuqguFNzXpxe+/Ngp/CFrabLjJjSRp3hX0oI/6RcXzeIXLxG9DHS wXhqSnfhgpneyJXojBPIOJHrZa6A6LR5YNXBcoBx41hnlXL9ceAAICgOsORWgJ4T sQKzMkjHDb8=6fiQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 24, 2022
Red Hat
98
security advisorymoderatesecurity updateRed Hat Certificate System 9.7 RHSA-2021-0947-01 Moderate: pki-core XSS
An update for pki-core and redhat-pki-theme is now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: pki-core and redhat-pki-theme security and bug fix update Advisory ID: RHSA-2021:0947-01 Product: Red Hat Certificate System Advisory URL: https://access.redhat.com/errata/RHSA-2021:0947 Issue date: 2021-03-22 CVE Names: CVE-2019-10178 CVE-2019-10180 CVE-2020-1696 ==================================================================== 1. Summary: An update for pki-core and redhat-pki-theme is now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7 - noarch, x86_64 3. Description: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab (CVE-2019-10178) * pki-core: unsanitized token parameters in TPS resulting in stored XSS (CVE-2019-10180) * pki-core: Stored XSS in TPS profile creation (CVE-2020-1696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * TPS - Add logging to tdbAddCertificatesForCUID if adding or searching for cert record fails (BZ#1710978) * TPS - Update ErrorCodes returned to client (CIW/ESC) to Match CS8 (BZ#1858860) * TPS - Server side key generation is not working for Identity only tokens - - Missing some commits (BZ#1858861) * TPS does not check token cuid on the user registration record during PIN reset (BZ#1858867) * Update RHCS version of CA, KRA, OCSP, and TKS so that it can be identified using a browser [RHCS 9.7.z BU 2] (BZ#1895104) * Update RHCS version of CA, KRA, OCSP, and TKS so that it can be identified using a browser [RHCS 9.7.z BU 4] (BZ#1914474) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1719042 - CVE-2019-10178 pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab 1721137 - CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS 1780707 - CVE-2020-1696 pki-core: Stored XSS in TPS profile creation 6. Package List: Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7: Source: pki-core-10.5.18-12.el7pki.src.rpm redhat-pki-theme-10.5.18-5.el7pki.src.rpm noarch: pki-ocsp-10.5.18-12.el7pki.noarch.rpm pki-tks-10.5.18-12.el7pki.noarch.rpm redhat-pki-console-theme-10.5.18-5.el7pki.noarch.rpm redhat-pki-server-theme-10.5.18-5.el7pki.noarch.rpm x86_64: pki-core-debuginfo-10.5.18-12.el7pki.x86_64.rpm pki-tps-10.5.18-12.el7pki.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-10178 https://access.redhat.com/security/cve/CVE-2019-10180 https://access.redhat.com/security/cve/CVE-2020-1696 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGPSIGNATURE----- Version: GnuPG v1 iQIVAwUBYFhQ6tzjgjWX9erEAQgznw/8CXabpC7kn8wNVevZQGxeeyLv3s4IJ9ii hxY6ZJuft87FsRlH5dT4tzAhybJN2igQGAL29OjLx6RcNkscJHr+mdKosV1CyTNd dafD7K6LnH3X/b6PKurkfDr8ehv2xpn5Gn5p2kB6x15AceGGPrMJ6WjiYM+J0yYY bAFaRRWbO3G27l4ZNKRSinDTU8cVxnV9olGwRcrHu8T5EdxudcEB6PHTy4dSbgwn H5z5JF92+IbbKiD/FvfW4ryuljb+IIf2EYqDzSmKZd3bGqP7Xt1K6+Sw3K3FzSxn nbdfAiKwMUZLJaKQWZRgwjwP2jYSeGjyMmvzyBk/a+6AsA69F7LlMjQ3jGkt2yst O8miYKURucBY4ghtu/CngtD/wypra2zkTtxDUTMiEc0fSjwI95SPjCcvg3UZQLOE QiKDeTptoyzrL2g4x4SSewIOEfBHEVAFy3S8a6XObGRpKG4dZvZB/tH1U+WqABBC 5z8rxRPWKPFN+4mBGLpp7S4gD2GOn1aoaZoMvPzLYIhVgHWZ+3maoDw6K1uMdl3G TZ6wdfdfPqvlbbmRz4sn7yVOR40dWirpju26qTcPhNquN0AdXiNJZiKkX9GVP9Y0 QegBtc7phSQOKl6jKT/foj592YQLP+j9vMR0Xy6+kbUmGAFC10A3ffRlRwcbpFLw HjTvuM1MjUI=yvFZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 22, 2021
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!