ELSA-2021-0851

ULN >
Oracle Linux Errata repository >
ELSA-2021-0851

ELSA-2021-0851 - pki-core security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2021-03-17

Description

[10.5.18-12]
- Change variable 'TPS' to 'tps'
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
profiles, audit for IPA (edewata)
- ##########################################################################
- # Backported CVEs (ascheel):
- ##########################################################################
- Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
parameters in TPS resulting in stored XSS [certificate_system_9-default]
(edewata, ascheel)
- Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
scripting (XSS) in the pki-tps web Activity tab
[certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
creation [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
Scripting in 'path length' constraint field in CA's Agent page
[rhel-7.9.z] (dmoluguw, ascheel)
- Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
(dmoluguw, ascheel)
- Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
Reflected XSS in recoveryID search field at KRA's DRM agent page in
authorize recovery tab [rhel-7.9.z] (ascheel)
- Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
- ##########################################################################
- Update to jquery v3.4.1 (ascheel)
- Update to jquery-i18n-properties v1.2.7 (ascheel)
- Update to backbone v1.4.0 (ascheel)
- Upgrade to underscore v1.9.2 (ascheel)
- Update to patternfly v3.59.3 (ascheel)
- Update to jQuery v3.5.1 (ascheel)
- Upgrade to bootstrap v3.4.1 (ascheel)
- Link in new Bootstrap CSS file (ascheel)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and

[10.5.18-11]
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
profiles, audit for IPA (edewata)
- ##########################################################################
- # Backported CVEs (ascheel):
- ##########################################################################
- Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
parameters in TPS resulting in stored XSS [certificate_system_9-default]
(edewata, ascheel)
- Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
scripting (XSS) in the pki-tps web Activity tab
[certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
creation [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
Scripting in 'path length' constraint field in CA's Agent page
[rhel-7.9.z] (dmoluguw, ascheel)
- Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
(dmoluguw, ascheel)
- Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
Reflected XSS in recoveryID search field at KRA's DRM agent page in
authorize recovery tab [rhel-7.9.z] (ascheel)
- Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
- ##########################################################################
- Update to jquery v3.4.1 (ascheel)
- Update to jquery-i18n-properties v1.2.7 (ascheel)
- Update to backbone v1.4.0 (ascheel)
- Upgrade to underscore v1.9.2 (ascheel)
- Update to patternfly v3.59.3 (ascheel)
- Update to jQuery v3.5.1 (ascheel)
- Upgrade to bootstrap v3.4.1 (ascheel)
- Link in new Bootstrap CSS file (ascheel)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and

[10.5.18-10]
- Bugzilla Bug #1883639 - additional fix to upgrade script (edewata)

[10.5.18-9]
- Bugzilla Bug #1883639 - additional support on upgrade for audit
cert profile and auditProfileUpgrade + auditProfileUpgrade part 2 (cfu)

[10.5.18-8]
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug #1883639 - add profile caAuditSigningCert (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1710978 - TPS - Add logging to tdbAddCertificatesForCUID if
- # Bugzilla Bug #1858860 - TPS - Update Error Codes returned to client
- # Bugzilla Bug #1858861 - TPS - Server side key generation is not working
- # Bugzilla Bug #1858867 - TPS does not check token cuid on the user

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	pki-core-10.5.18-12.el7_9.src.rpm	3aeff202b68e0d76a25ea40c81605f02349b340689f03628be92bba6e87d5ce1	ELSA-2024-4222	ol7_aarch64_latest
	pki-core-10.5.18-12.el7_9.src.rpm	3aeff202b68e0d76a25ea40c81605f02349b340689f03628be92bba6e87d5ce1	ELSA-2024-4222	ol7_aarch64_optional_latest
	pki-core-10.5.18-12.el7_9.src.rpm	3aeff202b68e0d76a25ea40c81605f02349b340689f03628be92bba6e87d5ce1	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-base-10.5.18-12.el7_9.noarch.rpm	8007fe34657ba43a95f394e94b20d0fc4e74a8ab04e9ba2e488ee6c591ae2fc8	ELSA-2024-4222	ol7_aarch64_latest
	pki-base-10.5.18-12.el7_9.noarch.rpm	8007fe34657ba43a95f394e94b20d0fc4e74a8ab04e9ba2e488ee6c591ae2fc8	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-base-java-10.5.18-12.el7_9.noarch.rpm	5d2e0a249770bf073333fa5569df5721bf82bc50296f30494d08a82b0c17107f	ELSA-2024-4222	ol7_aarch64_latest
	pki-base-java-10.5.18-12.el7_9.noarch.rpm	5d2e0a249770bf073333fa5569df5721bf82bc50296f30494d08a82b0c17107f	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-ca-10.5.18-12.el7_9.noarch.rpm	e878cf214ed23d20b11186e25ceb3d9d1b985dfcf6cb45a8939d9aed35388f5c	ELSA-2024-4222	ol7_aarch64_latest
	pki-ca-10.5.18-12.el7_9.noarch.rpm	e878cf214ed23d20b11186e25ceb3d9d1b985dfcf6cb45a8939d9aed35388f5c	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-javadoc-10.5.18-12.el7_9.noarch.rpm	e164f86352bdbd56ff6ff91493257c12b546fbe11571cf8d5db762c6f421ee40	ELSA-2024-4222	ol7_aarch64_optional_latest
	pki-kra-10.5.18-12.el7_9.noarch.rpm	332ebd3fa98a9d460176e41af284ac41e67b8b2be57f426fe85ca7fdb5043485	ELSA-2024-4222	ol7_aarch64_latest
	pki-kra-10.5.18-12.el7_9.noarch.rpm	332ebd3fa98a9d460176e41af284ac41e67b8b2be57f426fe85ca7fdb5043485	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-server-10.5.18-12.el7_9.noarch.rpm	99b9f12ecf3f8a4a4a070f5af60b1d624bd78dbffceae7e127b61c532c4b8f38	ELSA-2024-4222	ol7_aarch64_latest
	pki-server-10.5.18-12.el7_9.noarch.rpm	99b9f12ecf3f8a4a4a070f5af60b1d624bd78dbffceae7e127b61c532c4b8f38	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-symkey-10.5.18-12.el7_9.aarch64.rpm	8773dacdde72d28dad5bc79c26982ab8dfd94ffa49692494db61d71a86b1f39a	ELSA-2024-4222	ol7_aarch64_latest
	pki-symkey-10.5.18-12.el7_9.aarch64.rpm	8773dacdde72d28dad5bc79c26982ab8dfd94ffa49692494db61d71a86b1f39a	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-tools-10.5.18-12.el7_9.aarch64.rpm	7b2e91ff62ebfca6904e0b214b1eef51e92f67f758b602ba60a6b23ef2a93fba	ELSA-2024-4222	ol7_aarch64_latest
	pki-tools-10.5.18-12.el7_9.aarch64.rpm	7b2e91ff62ebfca6904e0b214b1eef51e92f67f758b602ba60a6b23ef2a93fba	ELSA-2024-4222	ol7_aarch64_u9_patch

Oracle Linux 7 (x86_64)	pki-core-10.5.18-12.el7_9.src.rpm	3aeff202b68e0d76a25ea40c81605f02349b340689f03628be92bba6e87d5ce1	ELSA-2024-4222	ol7_x86_64_latest
	pki-core-10.5.18-12.el7_9.src.rpm	3aeff202b68e0d76a25ea40c81605f02349b340689f03628be92bba6e87d5ce1	ELSA-2024-4222	ol7_x86_64_optional_latest
	pki-core-10.5.18-12.el7_9.src.rpm	3aeff202b68e0d76a25ea40c81605f02349b340689f03628be92bba6e87d5ce1	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-base-10.5.18-12.el7_9.noarch.rpm	8007fe34657ba43a95f394e94b20d0fc4e74a8ab04e9ba2e488ee6c591ae2fc8	ELSA-2024-4222	ol7_x86_64_latest
	pki-base-10.5.18-12.el7_9.noarch.rpm	8007fe34657ba43a95f394e94b20d0fc4e74a8ab04e9ba2e488ee6c591ae2fc8	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-base-java-10.5.18-12.el7_9.noarch.rpm	5d2e0a249770bf073333fa5569df5721bf82bc50296f30494d08a82b0c17107f	ELSA-2024-4222	ol7_x86_64_latest
	pki-base-java-10.5.18-12.el7_9.noarch.rpm	5d2e0a249770bf073333fa5569df5721bf82bc50296f30494d08a82b0c17107f	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-ca-10.5.18-12.el7_9.noarch.rpm	e878cf214ed23d20b11186e25ceb3d9d1b985dfcf6cb45a8939d9aed35388f5c	ELSA-2024-4222	ol7_x86_64_latest
	pki-ca-10.5.18-12.el7_9.noarch.rpm	e878cf214ed23d20b11186e25ceb3d9d1b985dfcf6cb45a8939d9aed35388f5c	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-javadoc-10.5.18-12.el7_9.noarch.rpm	e164f86352bdbd56ff6ff91493257c12b546fbe11571cf8d5db762c6f421ee40	ELSA-2024-4222	ol7_x86_64_optional_latest
	pki-kra-10.5.18-12.el7_9.noarch.rpm	332ebd3fa98a9d460176e41af284ac41e67b8b2be57f426fe85ca7fdb5043485	ELSA-2024-4222	ol7_x86_64_latest
	pki-kra-10.5.18-12.el7_9.noarch.rpm	332ebd3fa98a9d460176e41af284ac41e67b8b2be57f426fe85ca7fdb5043485	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-server-10.5.18-12.el7_9.noarch.rpm	99b9f12ecf3f8a4a4a070f5af60b1d624bd78dbffceae7e127b61c532c4b8f38	ELSA-2024-4222	ol7_x86_64_latest
	pki-server-10.5.18-12.el7_9.noarch.rpm	99b9f12ecf3f8a4a4a070f5af60b1d624bd78dbffceae7e127b61c532c4b8f38	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-symkey-10.5.18-12.el7_9.x86_64.rpm	5567985216b9bf40d26c14f88b342f807a04c2e92e2b9fd71e84689dcb78e146	ELSA-2024-4222	ol7_x86_64_latest
	pki-symkey-10.5.18-12.el7_9.x86_64.rpm	5567985216b9bf40d26c14f88b342f807a04c2e92e2b9fd71e84689dcb78e146	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-tools-10.5.18-12.el7_9.x86_64.rpm	3f1d0a05690934de5a23a80f2291718e65157be3511460be4acfb55f3f6a8435	ELSA-2024-4222	ol7_x86_64_latest
	pki-tools-10.5.18-12.el7_9.x86_64.rpm	3f1d0a05690934de5a23a80f2291718e65157be3511460be4acfb55f3f6a8435	ELSA-2024-4222	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691