ELSA-2023-2293

ULN >
Oracle Linux Errata repository >
ELSA-2023-2293

ELSA-2023-2293 - pki-core security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-05-15

Description

jss
[5.3.0-1]
- Rebase to JSS 5.3.0

[5.3.0-0.3.beta2]
- Rebase to JSS 5.3.0-beta2
- Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception

[5.3.0-0.2.beta1]
- Rebase to JSS 5.3.0-beta1

ldapjdk
[5.3.0-1]
- Rebase to LDAP SDK 5.3.0

[5.3.0-0.2.beta1]
- Rebase to LDAP SDK 5.3.0-beta1

pki-core
[11.3.0-1.0.1]
- Replaced upstream graphical references [Orabug: 33952704]

[11.3.0-1]
- Rebase to PKI 11.3.0
- Bug #2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied
- Bug #2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled

[11.3.0-0.2.beta1]
- Rebase to PKI 11.3.0-beta1
- Bug #1849834 - [RFE] Provide EST Responder (RFC 7030)
- Bug #1883477 - [RFE] Automatic expired certificate purging
- Bug #2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision
- Bug #2106452 - softhsm2: Unable to create cert: Private key not found
- Bug #2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygen_DirUserCert profile

[11.2.1-1]
- Rebase to PKI 11.2.1
- Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0]

[11.2.0-1]
- Rebase to PKI 11.2.0
- Bug #2084639 ipa cert-request ssl error
- Bug #2099312 SKI field is not reflected back in generated CSR
- Bug #2095197 PKI cert-fix operation failing

[11.2.0-0.4.beta3]
- Rebase to PKI 11.2.0-beta3
- Bug #2062808 Drop SHA-1 use from authentication challenges [rhel-9.1.0]

[11.2.0-0.3.beta2]
- Rebase to PKI 11.2.0-beta2
- Rename packages to idm-pki

[11.2.0-0.2.beta1]
- Rebase to PKI 11.2.0-beta1

[11.0.3-1]
- Bug #2033109 Invalid certificates with creation of subCA (pkispawn single step)[rhel-9.0.0]
- Bug #2013141 kra-key-retrieve failed to accept xml input format to generate .p12 key through cli
- Bug #2029838 SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser

[11.0.1-3]
- Change gcc compiler flags to fix annobin gating failures

[11.0.1-2]
- Rebase to PKI 11.0.1

[11.0.0-1]
- Rebase to PKI 11.0.0

[11.0.0-0.6.beta1]
- Rebase to PKI 11.0.0-beta1
- Bug #1999052 - pki instance creation fails for IPA server

[11.0.0-0.5.alpha1]
- Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl
Resolves #2002594

[11.0.0-0.4.alpha1]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

[11.0.0-0.3]
- Drop sudo dependency

[11.0.0-0.2]
- Resolves: rhbz#1975406 - IPA installation fails during pki-tomcatd setup.

[11.0.0-0.1]
- Rebase to PKI 11.0.0-alpha1

[10.11.0-0.1]
- Rebase to PKI 10.11.0-alpha1

tomcatjss
[8.3.0-1]
- Rebase to Tomcat JSS 8.3.0

[8.3.0-0.2.beta1]
- Rebase to Tomcat JSS 8.3.0-beta1

Related CVEs

CVE-2022-2393

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	jss-5.3.0-1.el9.src.rpm	85275aed2268c45bc74f7a53d41b3283c3a8e001f25878bd7a0f492c1e9f2c0a	-	ol9_aarch64_appstream
	jss-5.3.0-1.el9.src.rpm	85275aed2268c45bc74f7a53d41b3283c3a8e001f25878bd7a0f492c1e9f2c0a	-	ol9_aarch64_appstream_developer
	ldapjdk-5.3.0-1.el9.src.rpm	4a58b6803dca7c8d1a37784f902e800c8dbfb18f2b5fb6841f79c83a99d111be	-	ol9_aarch64_appstream
	ldapjdk-5.3.0-1.el9.src.rpm	4a58b6803dca7c8d1a37784f902e800c8dbfb18f2b5fb6841f79c83a99d111be	-	ol9_aarch64_appstream_developer
	pki-core-11.3.0-1.0.1.el9.src.rpm	f9ff1161913f160fe94f1edda5d8cf8d367398485558365943198c72f14a1c45	-	ol9_aarch64_appstream
	pki-core-11.3.0-1.0.1.el9.src.rpm	f9ff1161913f160fe94f1edda5d8cf8d367398485558365943198c72f14a1c45	-	ol9_aarch64_appstream_developer
	tomcatjss-8.3.0-1.el9.src.rpm	5efefebbc7797f02a5c26fa18961598ea9a87ac49ee3580080ca87d072a8bd99	-	ol9_aarch64_appstream
	tomcatjss-8.3.0-1.el9.src.rpm	5efefebbc7797f02a5c26fa18961598ea9a87ac49ee3580080ca87d072a8bd99	-	ol9_aarch64_appstream_developer
	idm-jss-5.3.0-1.el9.aarch64.rpm	1c04421423a57d0df23ad2cbda0ecb589c42387fc8b8810b6c3d447f8751622f	-	ol9_aarch64_appstream
	idm-jss-5.3.0-1.el9.aarch64.rpm	1c04421423a57d0df23ad2cbda0ecb589c42387fc8b8810b6c3d447f8751622f	-	ol9_aarch64_appstream_developer
	idm-ldapjdk-5.3.0-1.el9.noarch.rpm	c1df9b2e7e8dfc3a04b731e217e585c78c50f7c7135211cbacff4da3296abb46	-	ol9_aarch64_appstream
	idm-ldapjdk-5.3.0-1.el9.noarch.rpm	c1df9b2e7e8dfc3a04b731e217e585c78c50f7c7135211cbacff4da3296abb46	-	ol9_aarch64_appstream_developer
	idm-pki-acme-11.3.0-1.0.1.el9.noarch.rpm	c303530c1048ab0d7826e7047f67e490cef761ce2ed76c5c3fdc31f2c9b1e121	-	ol9_aarch64_appstream
	idm-pki-acme-11.3.0-1.0.1.el9.noarch.rpm	c303530c1048ab0d7826e7047f67e490cef761ce2ed76c5c3fdc31f2c9b1e121	-	ol9_aarch64_appstream_developer
	idm-pki-base-11.3.0-1.0.1.el9.noarch.rpm	c3a607c73a0f8c0a67c6856a7ebd13a04b81969023e159bc36aba15772e0fb9d	-	ol9_aarch64_appstream
	idm-pki-base-11.3.0-1.0.1.el9.noarch.rpm	c3a607c73a0f8c0a67c6856a7ebd13a04b81969023e159bc36aba15772e0fb9d	-	ol9_aarch64_appstream_developer
	idm-pki-ca-11.3.0-1.0.1.el9.noarch.rpm	af53f67a5094d276a009c6f252f2ffce69def3e4bcfe95befe42dfad250e20db	-	ol9_aarch64_appstream
	idm-pki-ca-11.3.0-1.0.1.el9.noarch.rpm	af53f67a5094d276a009c6f252f2ffce69def3e4bcfe95befe42dfad250e20db	-	ol9_aarch64_appstream_developer
	idm-pki-est-11.3.0-1.0.1.el9.noarch.rpm	efae2537afca89d9f4896a908810b14d41f5b7197eb0c733d758a38a6de81a0b	-	ol9_aarch64_appstream
	idm-pki-est-11.3.0-1.0.1.el9.noarch.rpm	efae2537afca89d9f4896a908810b14d41f5b7197eb0c733d758a38a6de81a0b	-	ol9_aarch64_appstream_developer
	idm-pki-java-11.3.0-1.0.1.el9.noarch.rpm	bd3eb9fa067a3927687aa74d2de78f391458a63037a1fac56e9136ab56f7cfca	-	ol9_aarch64_appstream
	idm-pki-java-11.3.0-1.0.1.el9.noarch.rpm	bd3eb9fa067a3927687aa74d2de78f391458a63037a1fac56e9136ab56f7cfca	-	ol9_aarch64_appstream_developer
	idm-pki-kra-11.3.0-1.0.1.el9.noarch.rpm	adf36f8d933cc668a49f38a1a50599b3cb6e10ee7c070823b791195908e12d54	-	ol9_aarch64_appstream
	idm-pki-kra-11.3.0-1.0.1.el9.noarch.rpm	adf36f8d933cc668a49f38a1a50599b3cb6e10ee7c070823b791195908e12d54	-	ol9_aarch64_appstream_developer
	idm-pki-server-11.3.0-1.0.1.el9.noarch.rpm	0113f93ae8d854104bd548c7d79d6543489309eda224592de90f05b4b2139e48	-	ol9_aarch64_appstream
	idm-pki-server-11.3.0-1.0.1.el9.noarch.rpm	0113f93ae8d854104bd548c7d79d6543489309eda224592de90f05b4b2139e48	-	ol9_aarch64_appstream_developer
	idm-pki-tools-11.3.0-1.0.1.el9.aarch64.rpm	b76e0ad4b1957c4e62ead626050f7629c2ea7c4034821e59c18eba6f8fce6209	-	ol9_aarch64_appstream
	idm-pki-tools-11.3.0-1.0.1.el9.aarch64.rpm	b76e0ad4b1957c4e62ead626050f7629c2ea7c4034821e59c18eba6f8fce6209	-	ol9_aarch64_appstream_developer
	idm-tomcatjss-8.3.0-1.el9.noarch.rpm	262b47c5d8b65efea0419c3782cce6a6d9cf163665c32498c983175627d76e32	-	ol9_aarch64_appstream
	idm-tomcatjss-8.3.0-1.el9.noarch.rpm	262b47c5d8b65efea0419c3782cce6a6d9cf163665c32498c983175627d76e32	-	ol9_aarch64_appstream_developer
	python3-idm-pki-11.3.0-1.0.1.el9.noarch.rpm	a8d91b9a62786a0640dd51ea56212718db24f07873549cda6b21f277003f6f73	-	ol9_aarch64_appstream
	python3-idm-pki-11.3.0-1.0.1.el9.noarch.rpm	a8d91b9a62786a0640dd51ea56212718db24f07873549cda6b21f277003f6f73	-	ol9_aarch64_appstream_developer

Oracle Linux 9 (x86_64)	jss-5.3.0-1.el9.src.rpm	85275aed2268c45bc74f7a53d41b3283c3a8e001f25878bd7a0f492c1e9f2c0a	-	ol9_x86_64_appstream
	jss-5.3.0-1.el9.src.rpm	85275aed2268c45bc74f7a53d41b3283c3a8e001f25878bd7a0f492c1e9f2c0a	-	ol9_x86_64_appstream_developer
	ldapjdk-5.3.0-1.el9.src.rpm	4a58b6803dca7c8d1a37784f902e800c8dbfb18f2b5fb6841f79c83a99d111be	-	ol9_x86_64_appstream
	ldapjdk-5.3.0-1.el9.src.rpm	4a58b6803dca7c8d1a37784f902e800c8dbfb18f2b5fb6841f79c83a99d111be	-	ol9_x86_64_appstream_developer
	pki-core-11.3.0-1.0.1.el9.src.rpm	f9ff1161913f160fe94f1edda5d8cf8d367398485558365943198c72f14a1c45	-	ol9_x86_64_appstream
	pki-core-11.3.0-1.0.1.el9.src.rpm	f9ff1161913f160fe94f1edda5d8cf8d367398485558365943198c72f14a1c45	-	ol9_x86_64_appstream_developer
	tomcatjss-8.3.0-1.el9.src.rpm	5efefebbc7797f02a5c26fa18961598ea9a87ac49ee3580080ca87d072a8bd99	-	ol9_x86_64_appstream
	tomcatjss-8.3.0-1.el9.src.rpm	5efefebbc7797f02a5c26fa18961598ea9a87ac49ee3580080ca87d072a8bd99	-	ol9_x86_64_appstream_developer
	idm-jss-5.3.0-1.el9.x86_64.rpm	41a90eec6bd04dd619069ba643e1515f20011974ecb99e0af6f81322488a98ef	-	ol9_x86_64_appstream
	idm-jss-5.3.0-1.el9.x86_64.rpm	41a90eec6bd04dd619069ba643e1515f20011974ecb99e0af6f81322488a98ef	-	ol9_x86_64_appstream_developer
	idm-ldapjdk-5.3.0-1.el9.noarch.rpm	c1df9b2e7e8dfc3a04b731e217e585c78c50f7c7135211cbacff4da3296abb46	-	ol9_x86_64_appstream
	idm-ldapjdk-5.3.0-1.el9.noarch.rpm	c1df9b2e7e8dfc3a04b731e217e585c78c50f7c7135211cbacff4da3296abb46	-	ol9_x86_64_appstream_developer
	idm-pki-acme-11.3.0-1.0.1.el9.noarch.rpm	c303530c1048ab0d7826e7047f67e490cef761ce2ed76c5c3fdc31f2c9b1e121	-	ol9_x86_64_appstream
	idm-pki-acme-11.3.0-1.0.1.el9.noarch.rpm	c303530c1048ab0d7826e7047f67e490cef761ce2ed76c5c3fdc31f2c9b1e121	-	ol9_x86_64_appstream_developer
	idm-pki-base-11.3.0-1.0.1.el9.noarch.rpm	c3a607c73a0f8c0a67c6856a7ebd13a04b81969023e159bc36aba15772e0fb9d	-	ol9_x86_64_appstream
	idm-pki-base-11.3.0-1.0.1.el9.noarch.rpm	c3a607c73a0f8c0a67c6856a7ebd13a04b81969023e159bc36aba15772e0fb9d	-	ol9_x86_64_appstream_developer
	idm-pki-ca-11.3.0-1.0.1.el9.noarch.rpm	af53f67a5094d276a009c6f252f2ffce69def3e4bcfe95befe42dfad250e20db	-	ol9_x86_64_appstream
	idm-pki-ca-11.3.0-1.0.1.el9.noarch.rpm	af53f67a5094d276a009c6f252f2ffce69def3e4bcfe95befe42dfad250e20db	-	ol9_x86_64_appstream_developer
	idm-pki-est-11.3.0-1.0.1.el9.noarch.rpm	efae2537afca89d9f4896a908810b14d41f5b7197eb0c733d758a38a6de81a0b	-	ol9_x86_64_appstream
	idm-pki-est-11.3.0-1.0.1.el9.noarch.rpm	efae2537afca89d9f4896a908810b14d41f5b7197eb0c733d758a38a6de81a0b	-	ol9_x86_64_appstream_developer
	idm-pki-java-11.3.0-1.0.1.el9.noarch.rpm	bd3eb9fa067a3927687aa74d2de78f391458a63037a1fac56e9136ab56f7cfca	-	ol9_x86_64_appstream
	idm-pki-java-11.3.0-1.0.1.el9.noarch.rpm	bd3eb9fa067a3927687aa74d2de78f391458a63037a1fac56e9136ab56f7cfca	-	ol9_x86_64_appstream_developer
	idm-pki-kra-11.3.0-1.0.1.el9.noarch.rpm	adf36f8d933cc668a49f38a1a50599b3cb6e10ee7c070823b791195908e12d54	-	ol9_x86_64_appstream
	idm-pki-kra-11.3.0-1.0.1.el9.noarch.rpm	adf36f8d933cc668a49f38a1a50599b3cb6e10ee7c070823b791195908e12d54	-	ol9_x86_64_appstream_developer
	idm-pki-server-11.3.0-1.0.1.el9.noarch.rpm	0113f93ae8d854104bd548c7d79d6543489309eda224592de90f05b4b2139e48	-	ol9_x86_64_appstream
	idm-pki-server-11.3.0-1.0.1.el9.noarch.rpm	0113f93ae8d854104bd548c7d79d6543489309eda224592de90f05b4b2139e48	-	ol9_x86_64_appstream_developer
	idm-pki-tools-11.3.0-1.0.1.el9.x86_64.rpm	2f49d1c8047961dcbfd7efd25d6d6885650d8bfb899e065e4d9bb8bfd1e30a3f	-	ol9_x86_64_appstream
	idm-pki-tools-11.3.0-1.0.1.el9.x86_64.rpm	2f49d1c8047961dcbfd7efd25d6d6885650d8bfb899e065e4d9bb8bfd1e30a3f	-	ol9_x86_64_appstream_developer
	idm-tomcatjss-8.3.0-1.el9.noarch.rpm	262b47c5d8b65efea0419c3782cce6a6d9cf163665c32498c983175627d76e32	-	ol9_x86_64_appstream
	idm-tomcatjss-8.3.0-1.el9.noarch.rpm	262b47c5d8b65efea0419c3782cce6a6d9cf163665c32498c983175627d76e32	-	ol9_x86_64_appstream_developer
	python3-idm-pki-11.3.0-1.0.1.el9.noarch.rpm	a8d91b9a62786a0640dd51ea56212718db24f07873549cda6b21f277003f6f73	-	ol9_x86_64_appstream
	python3-idm-pki-11.3.0-1.0.1.el9.noarch.rpm	a8d91b9a62786a0640dd51ea56212718db24f07873549cda6b21f277003f6f73	-	ol9_x86_64_appstream_developer

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691