ELSA-2022-7086

ELSA-2022-7086 - pki-core security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2022-10-24

Description

[10.5.18-23]
- ##########################################################################
- # RHEL 7.9 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

[10.5.18-22]
- ##########################################################################
- # RHEL 7.9 (Batch Update 17):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 17):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

Related CVEs

CVE-2022-2393

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (aarch64)	pki-core-10.5.18-23.el7_9.src.rpm	13a98b7419048459b846a21c0b9292ef	-
	pki-base-10.5.18-23.el7_9.noarch.rpm	e71eb2481bd59e97637bb23261cefbd5	-
	pki-base-java-10.5.18-23.el7_9.noarch.rpm	528ed9c71a193cef94245ec0b0e4bcea	-
	pki-ca-10.5.18-23.el7_9.noarch.rpm	dd614de8e2b808d9f1e10a35d6d0da12	-
	pki-javadoc-10.5.18-23.el7_9.noarch.rpm	7233e89ddc5fd21dfa576d4ef1075724	-
	pki-kra-10.5.18-23.el7_9.noarch.rpm	43832b191008fc134e84dde7ed22883c	-
	pki-server-10.5.18-23.el7_9.noarch.rpm	a757aec338b183881cdbce8accdd2d04	-
	pki-symkey-10.5.18-23.el7_9.aarch64.rpm	7ed948334ddff6efaf007dfcbe946dfa	-
	pki-tools-10.5.18-23.el7_9.aarch64.rpm	86de058844f0733c8e2975b390f16cb0	-
Oracle Linux 7 (x86_64)	pki-core-10.5.18-23.el7_9.src.rpm	13a98b7419048459b846a21c0b9292ef	-
	pki-base-10.5.18-23.el7_9.noarch.rpm	e71eb2481bd59e97637bb23261cefbd5	-
	pki-base-java-10.5.18-23.el7_9.noarch.rpm	528ed9c71a193cef94245ec0b0e4bcea	-
	pki-ca-10.5.18-23.el7_9.noarch.rpm	dd614de8e2b808d9f1e10a35d6d0da12	-
	pki-javadoc-10.5.18-23.el7_9.noarch.rpm	7233e89ddc5fd21dfa576d4ef1075724	-
	pki-kra-10.5.18-23.el7_9.noarch.rpm	43832b191008fc134e84dde7ed22883c	-
	pki-server-10.5.18-23.el7_9.noarch.rpm	a757aec338b183881cdbce8accdd2d04	-
	pki-symkey-10.5.18-23.el7_9.x86_64.rpm	5c108f649a95e1a5903cff24ad2c5a4e	-
	pki-tools-10.5.18-23.el7_9.x86_64.rpm	a4a492f89e84797d96f88dc7e4e9f0d8	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team