ELSA-2023-2293

ELSA-2023-2293 - pki-core security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2023-05-15

Description


jss
[5.3.0-1]
- Rebase to JSS 5.3.0

[5.3.0-0.3.beta2]
- Rebase to JSS 5.3.0-beta2
- Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception

[5.3.0-0.2.beta1]
- Rebase to JSS 5.3.0-beta1

ldapjdk
[5.3.0-1]
- Rebase to LDAP SDK 5.3.0

[5.3.0-0.2.beta1]
- Rebase to LDAP SDK 5.3.0-beta1

pki-core
[11.3.0-1.0.1]
- Replaced upstream graphical references [Orabug: 33952704]

[11.3.0-1]
- Rebase to PKI 11.3.0
- Bug #2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied
- Bug #2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled

[11.3.0-0.2.beta1]
- Rebase to PKI 11.3.0-beta1
- Bug #1849834 - [RFE] Provide EST Responder (RFC 7030)
- Bug #1883477 - [RFE] Automatic expired certificate purging
- Bug #2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision
- Bug #2106452 - softhsm2: Unable to create cert: Private key not found
- Bug #2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygen_DirUserCert profile

[11.2.1-1]
- Rebase to PKI 11.2.1
- Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0]

[11.2.0-1]
- Rebase to PKI 11.2.0
- Bug #2084639 ipa cert-request ssl error
- Bug #2099312 SKI field is not reflected back in generated CSR
- Bug #2095197 PKI cert-fix operation failing

[11.2.0-0.4.beta3]
- Rebase to PKI 11.2.0-beta3
- Bug #2062808 Drop SHA-1 use from authentication challenges [rhel-9.1.0]

[11.2.0-0.3.beta2]
- Rebase to PKI 11.2.0-beta2
- Rename packages to idm-pki

[11.2.0-0.2.beta1]
- Rebase to PKI 11.2.0-beta1

[11.0.3-1]
- Bug #2033109 Invalid certificates with creation of subCA (pkispawn single step)[rhel-9.0.0]
- Bug #2013141 kra-key-retrieve failed to accept xml input format to generate .p12 key through cli
- Bug #2029838 SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser

[11.0.1-3]
- Change gcc compiler flags to fix annobin gating failures

[11.0.1-2]
- Rebase to PKI 11.0.1

[11.0.0-1]
- Rebase to PKI 11.0.0

[11.0.0-0.6.beta1]
- Rebase to PKI 11.0.0-beta1
- Bug #1999052 - pki instance creation fails for IPA server

[11.0.0-0.5.alpha1]
- Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl
Resolves #2002594

[11.0.0-0.4.alpha1]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

[11.0.0-0.3]
- Drop sudo dependency

[11.0.0-0.2]
- Resolves: rhbz#1975406 - IPA installation fails during pki-tomcatd setup.

[11.0.0-0.1]
- Rebase to PKI 11.0.0-alpha1

[10.11.0-0.1]
- Rebase to PKI 10.11.0-alpha1

tomcatjss
[8.3.0-1]
- Rebase to Tomcat JSS 8.3.0

[8.3.0-0.2.beta1]
- Rebase to Tomcat JSS 8.3.0-beta1


Related CVEs


CVE-2022-2393

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 9 (aarch64) jss-5.3.0-1.el9.src.rpmf0660c62a8334a4782578e2d42c25e97-
ldapjdk-5.3.0-1.el9.src.rpm2b61645deaaccbd87cc6e675ae82202f-
pki-core-11.3.0-1.0.1.el9.src.rpm5f1bed2508b3b5f56847c710f5b9cf4a-
tomcatjss-8.3.0-1.el9.src.rpma6a5db2ca78cd016920f6d4d367b1d8b-
idm-jss-5.3.0-1.el9.aarch64.rpmfa454860963ed679c502bd5a4e91fd8b-
idm-ldapjdk-5.3.0-1.el9.noarch.rpmc664cb2c2f20ce6b370badac47096557-
idm-pki-acme-11.3.0-1.0.1.el9.noarch.rpm91c17a2b0c99af4049d49df115da7d99-
idm-pki-base-11.3.0-1.0.1.el9.noarch.rpmd77bca01b782bf036b59e1440590bf4b-
idm-pki-ca-11.3.0-1.0.1.el9.noarch.rpmc7ef0336401023e124c5d017a5314823-
idm-pki-est-11.3.0-1.0.1.el9.noarch.rpm28be3cf4dc62565b762551cf40eea87e-
idm-pki-java-11.3.0-1.0.1.el9.noarch.rpmf0a397a4bf80f87fc7e228a0ed626e84-
idm-pki-kra-11.3.0-1.0.1.el9.noarch.rpmbe48ac0ae6795744a623f82484722101-
idm-pki-server-11.3.0-1.0.1.el9.noarch.rpm8898c9af0474ace1717876f66f412275-
idm-pki-tools-11.3.0-1.0.1.el9.aarch64.rpmff68d564ab3067b68acda960665f9927-
idm-tomcatjss-8.3.0-1.el9.noarch.rpm98568aeb31b79c9c3965cd643eef9106-
python3-idm-pki-11.3.0-1.0.1.el9.noarch.rpm083469da5b015816ba780e7b4d84a925-
Oracle Linux 9 (x86_64) jss-5.3.0-1.el9.src.rpmf0660c62a8334a4782578e2d42c25e97-
ldapjdk-5.3.0-1.el9.src.rpm2b61645deaaccbd87cc6e675ae82202f-
pki-core-11.3.0-1.0.1.el9.src.rpm5f1bed2508b3b5f56847c710f5b9cf4a-
tomcatjss-8.3.0-1.el9.src.rpma6a5db2ca78cd016920f6d4d367b1d8b-
idm-jss-5.3.0-1.el9.x86_64.rpma456287a8bb96247c4c4303effae5c1c-
idm-ldapjdk-5.3.0-1.el9.noarch.rpmc664cb2c2f20ce6b370badac47096557-
idm-pki-acme-11.3.0-1.0.1.el9.noarch.rpm91c17a2b0c99af4049d49df115da7d99-
idm-pki-base-11.3.0-1.0.1.el9.noarch.rpmd77bca01b782bf036b59e1440590bf4b-
idm-pki-ca-11.3.0-1.0.1.el9.noarch.rpmc7ef0336401023e124c5d017a5314823-
idm-pki-est-11.3.0-1.0.1.el9.noarch.rpm28be3cf4dc62565b762551cf40eea87e-
idm-pki-java-11.3.0-1.0.1.el9.noarch.rpmf0a397a4bf80f87fc7e228a0ed626e84-
idm-pki-kra-11.3.0-1.0.1.el9.noarch.rpmbe48ac0ae6795744a623f82484722101-
idm-pki-server-11.3.0-1.0.1.el9.noarch.rpm8898c9af0474ace1717876f66f412275-
idm-pki-tools-11.3.0-1.0.1.el9.x86_64.rpm9040325e773aa066d6089995e8d46774-
idm-tomcatjss-8.3.0-1.el9.noarch.rpm98568aeb31b79c9c3965cd643eef9106-
python3-idm-pki-11.3.0-1.0.1.el9.noarch.rpm083469da5b015816ba780e7b4d84a925-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete