ELSA-2022-7086

ULN >
Oracle Linux Errata repository >
ELSA-2022-7086

ELSA-2022-7086 - pki-core security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2022-10-24

Description

[10.5.18-23]
- ##########################################################################
- # RHEL 7.9 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

[10.5.18-22]
- ##########################################################################
- # RHEL 7.9 (Batch Update 17):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 17):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

Related CVEs

CVE-2022-2393

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (aarch64)	pki-core-10.5.18-23.el7_9.src.rpm	052a51696fcea7006f9bfcab10f9419702fd644e77724701c8fcfe76c910a4d1	ELSA-2024-4222	ol7_aarch64_latest
	pki-core-10.5.18-23.el7_9.src.rpm	052a51696fcea7006f9bfcab10f9419702fd644e77724701c8fcfe76c910a4d1	ELSA-2024-4222	ol7_aarch64_optional_latest
	pki-core-10.5.18-23.el7_9.src.rpm	052a51696fcea7006f9bfcab10f9419702fd644e77724701c8fcfe76c910a4d1	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-base-10.5.18-23.el7_9.noarch.rpm	b28099ce6e24f1f04ea74d3c1d5dafa8266a73868945bd8f36ba9d056ed0859a	ELSA-2024-4222	ol7_aarch64_latest
	pki-base-10.5.18-23.el7_9.noarch.rpm	b28099ce6e24f1f04ea74d3c1d5dafa8266a73868945bd8f36ba9d056ed0859a	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-base-java-10.5.18-23.el7_9.noarch.rpm	99259db4f0e2ea4d3ca57bfc565068e24df227e1bf625a48df451b8732ea8580	ELSA-2024-4222	ol7_aarch64_latest
	pki-base-java-10.5.18-23.el7_9.noarch.rpm	99259db4f0e2ea4d3ca57bfc565068e24df227e1bf625a48df451b8732ea8580	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-ca-10.5.18-23.el7_9.noarch.rpm	5c0e3691b182d7b2ec45670a0160fed8f7956b5961ab1c03dfb72b7916eaf92f	ELSA-2024-4222	ol7_aarch64_latest
	pki-ca-10.5.18-23.el7_9.noarch.rpm	5c0e3691b182d7b2ec45670a0160fed8f7956b5961ab1c03dfb72b7916eaf92f	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-javadoc-10.5.18-23.el7_9.noarch.rpm	33f81bd6459f7188f81ac6c25ac391db01e2123a8139ea81bc0fe7305469bdd9	ELSA-2024-4222	ol7_aarch64_optional_latest
	pki-kra-10.5.18-23.el7_9.noarch.rpm	af2db6e7f49e0a889028e3b9b3bad0fd67bfd51f0f4aa89be151e016decb2ed4	ELSA-2024-4222	ol7_aarch64_latest
	pki-kra-10.5.18-23.el7_9.noarch.rpm	af2db6e7f49e0a889028e3b9b3bad0fd67bfd51f0f4aa89be151e016decb2ed4	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-server-10.5.18-23.el7_9.noarch.rpm	52e3319b79331dd470ce8d2984e16e6e0b9418c4a1c87faa9299fbf69e342309	ELSA-2024-4222	ol7_aarch64_latest
	pki-server-10.5.18-23.el7_9.noarch.rpm	52e3319b79331dd470ce8d2984e16e6e0b9418c4a1c87faa9299fbf69e342309	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-symkey-10.5.18-23.el7_9.aarch64.rpm	16d75fcc9e0b274deebef9de4d08d671d11555c2b47aa7df90f8dfdd8039caf3	ELSA-2024-4222	ol7_aarch64_latest
	pki-symkey-10.5.18-23.el7_9.aarch64.rpm	16d75fcc9e0b274deebef9de4d08d671d11555c2b47aa7df90f8dfdd8039caf3	ELSA-2024-4222	ol7_aarch64_u9_patch
	pki-tools-10.5.18-23.el7_9.aarch64.rpm	0cfbaa76aefd2bccf4487759a9425694f0799602ec31ead719b6106b64fe1ae4	ELSA-2024-4222	ol7_aarch64_latest
	pki-tools-10.5.18-23.el7_9.aarch64.rpm	0cfbaa76aefd2bccf4487759a9425694f0799602ec31ead719b6106b64fe1ae4	ELSA-2024-4222	ol7_aarch64_u9_patch

Oracle Linux 7 (x86_64)	pki-core-10.5.18-23.el7_9.src.rpm	052a51696fcea7006f9bfcab10f9419702fd644e77724701c8fcfe76c910a4d1	ELSA-2024-4222	ol7_x86_64_latest
	pki-core-10.5.18-23.el7_9.src.rpm	052a51696fcea7006f9bfcab10f9419702fd644e77724701c8fcfe76c910a4d1	ELSA-2024-4222	ol7_x86_64_optional_latest
	pki-core-10.5.18-23.el7_9.src.rpm	052a51696fcea7006f9bfcab10f9419702fd644e77724701c8fcfe76c910a4d1	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-base-10.5.18-23.el7_9.noarch.rpm	b28099ce6e24f1f04ea74d3c1d5dafa8266a73868945bd8f36ba9d056ed0859a	ELSA-2024-4222	ol7_x86_64_latest
	pki-base-10.5.18-23.el7_9.noarch.rpm	b28099ce6e24f1f04ea74d3c1d5dafa8266a73868945bd8f36ba9d056ed0859a	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-base-java-10.5.18-23.el7_9.noarch.rpm	99259db4f0e2ea4d3ca57bfc565068e24df227e1bf625a48df451b8732ea8580	ELSA-2024-4222	ol7_x86_64_latest
	pki-base-java-10.5.18-23.el7_9.noarch.rpm	99259db4f0e2ea4d3ca57bfc565068e24df227e1bf625a48df451b8732ea8580	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-ca-10.5.18-23.el7_9.noarch.rpm	5c0e3691b182d7b2ec45670a0160fed8f7956b5961ab1c03dfb72b7916eaf92f	ELSA-2024-4222	ol7_x86_64_latest
	pki-ca-10.5.18-23.el7_9.noarch.rpm	5c0e3691b182d7b2ec45670a0160fed8f7956b5961ab1c03dfb72b7916eaf92f	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-javadoc-10.5.18-23.el7_9.noarch.rpm	33f81bd6459f7188f81ac6c25ac391db01e2123a8139ea81bc0fe7305469bdd9	ELSA-2024-4222	ol7_x86_64_optional_latest
	pki-kra-10.5.18-23.el7_9.noarch.rpm	af2db6e7f49e0a889028e3b9b3bad0fd67bfd51f0f4aa89be151e016decb2ed4	ELSA-2024-4222	ol7_x86_64_latest
	pki-kra-10.5.18-23.el7_9.noarch.rpm	af2db6e7f49e0a889028e3b9b3bad0fd67bfd51f0f4aa89be151e016decb2ed4	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-server-10.5.18-23.el7_9.noarch.rpm	52e3319b79331dd470ce8d2984e16e6e0b9418c4a1c87faa9299fbf69e342309	ELSA-2024-4222	ol7_x86_64_latest
	pki-server-10.5.18-23.el7_9.noarch.rpm	52e3319b79331dd470ce8d2984e16e6e0b9418c4a1c87faa9299fbf69e342309	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-symkey-10.5.18-23.el7_9.x86_64.rpm	98c25ea385fb42a5097886c32b23c4ef470f16c2aa2657047aa549d77d48df6f	ELSA-2024-4222	ol7_x86_64_latest
	pki-symkey-10.5.18-23.el7_9.x86_64.rpm	98c25ea385fb42a5097886c32b23c4ef470f16c2aa2657047aa549d77d48df6f	ELSA-2024-4222	ol7_x86_64_u9_patch
	pki-tools-10.5.18-23.el7_9.x86_64.rpm	7a18221aa20d9d2ef475c9e7229ef9392b68b9079f27c8bef09777d527825b23	ELSA-2024-4222	ol7_x86_64_latest
	pki-tools-10.5.18-23.el7_9.x86_64.rpm	7a18221aa20d9d2ef475c9e7229ef9392b68b9079f27c8bef09777d527825b23	ELSA-2024-4222	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691