ELSA-2024-4222
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-4222
ELSA-2024-4222 - pki-core security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2024-07-02 |
Description
[10.5.18-32]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.4):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.4):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-31]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.3):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.3):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-30]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-29]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.1):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.1):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-28]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
Related CVEs
| CVE-2023-4727 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | pki-core-10.5.18-32.el7_9.src.rpm | 23e49a5ac9139d15d21bab209b2d01d05eadd840a633e4dbc074992f9077e7f7 | - | ol7_aarch64_latest |
| pki-core-10.5.18-32.el7_9.src.rpm | 23e49a5ac9139d15d21bab209b2d01d05eadd840a633e4dbc074992f9077e7f7 | - | ol7_aarch64_optional_latest | |
| pki-core-10.5.18-32.el7_9.src.rpm | 23e49a5ac9139d15d21bab209b2d01d05eadd840a633e4dbc074992f9077e7f7 | - | ol7_aarch64_u9_patch | |
| pki-base-10.5.18-32.el7_9.noarch.rpm | ddae634d251dbc2342e0695442d4f43f0924d3ec806fde5ab854b82a81ac696a | - | ol7_aarch64_latest | |
| pki-base-10.5.18-32.el7_9.noarch.rpm | ddae634d251dbc2342e0695442d4f43f0924d3ec806fde5ab854b82a81ac696a | - | ol7_aarch64_u9_patch | |
| pki-base-java-10.5.18-32.el7_9.noarch.rpm | 90beb4624a1f352b14e2e15342c9ebebf6b15c32ecd743f087e6c0c9d170b70c | - | ol7_aarch64_latest | |
| pki-base-java-10.5.18-32.el7_9.noarch.rpm | 90beb4624a1f352b14e2e15342c9ebebf6b15c32ecd743f087e6c0c9d170b70c | - | ol7_aarch64_u9_patch | |
| pki-ca-10.5.18-32.el7_9.noarch.rpm | 97e6d7a846973ba50201c6ffce1267fb33ed25d8a5d86a8b10707a8bad244fd9 | - | ol7_aarch64_latest | |
| pki-ca-10.5.18-32.el7_9.noarch.rpm | 97e6d7a846973ba50201c6ffce1267fb33ed25d8a5d86a8b10707a8bad244fd9 | - | ol7_aarch64_u9_patch | |
| pki-javadoc-10.5.18-32.el7_9.noarch.rpm | 3c13ee0c6a9b469bac1ba6798e1ef93b3e1944d08df86d60c3d54610b6cd09a1 | - | ol7_aarch64_optional_latest | |
| pki-kra-10.5.18-32.el7_9.noarch.rpm | 2e3f80510b2f94ac7e4d517f2d78e1e698bfd117bc6cd77bf0b0dd18aae4c608 | - | ol7_aarch64_latest | |
| pki-kra-10.5.18-32.el7_9.noarch.rpm | 2e3f80510b2f94ac7e4d517f2d78e1e698bfd117bc6cd77bf0b0dd18aae4c608 | - | ol7_aarch64_u9_patch | |
| pki-server-10.5.18-32.el7_9.noarch.rpm | 15a8518f518c4dcbb14a3230bb8932deca1e8e483cda6c41045528638b0be814 | - | ol7_aarch64_latest | |
| pki-server-10.5.18-32.el7_9.noarch.rpm | 15a8518f518c4dcbb14a3230bb8932deca1e8e483cda6c41045528638b0be814 | - | ol7_aarch64_u9_patch | |
| pki-symkey-10.5.18-32.el7_9.aarch64.rpm | 0203969c3313a56cdd86c047dfa8bcc23285515b9898de0e11507894048e55a4 | - | ol7_aarch64_latest | |
| pki-symkey-10.5.18-32.el7_9.aarch64.rpm | 0203969c3313a56cdd86c047dfa8bcc23285515b9898de0e11507894048e55a4 | - | ol7_aarch64_u9_patch | |
| pki-tools-10.5.18-32.el7_9.aarch64.rpm | aced1c6f3d268651e97ab27801a921331bb17ea28077c9ee4702071f08c5c5c4 | - | ol7_aarch64_latest | |
| pki-tools-10.5.18-32.el7_9.aarch64.rpm | aced1c6f3d268651e97ab27801a921331bb17ea28077c9ee4702071f08c5c5c4 | - | ol7_aarch64_u9_patch | |
| Oracle Linux 7 (x86_64) | pki-core-10.5.18-32.el7_9.src.rpm | 23e49a5ac9139d15d21bab209b2d01d05eadd840a633e4dbc074992f9077e7f7 | - | ol7_x86_64_latest |
| pki-core-10.5.18-32.el7_9.src.rpm | 23e49a5ac9139d15d21bab209b2d01d05eadd840a633e4dbc074992f9077e7f7 | - | ol7_x86_64_optional_latest | |
| pki-core-10.5.18-32.el7_9.src.rpm | 23e49a5ac9139d15d21bab209b2d01d05eadd840a633e4dbc074992f9077e7f7 | - | ol7_x86_64_u9_patch | |
| pki-base-10.5.18-32.el7_9.noarch.rpm | ddae634d251dbc2342e0695442d4f43f0924d3ec806fde5ab854b82a81ac696a | - | ol7_x86_64_latest | |
| pki-base-10.5.18-32.el7_9.noarch.rpm | ddae634d251dbc2342e0695442d4f43f0924d3ec806fde5ab854b82a81ac696a | - | ol7_x86_64_u9_patch | |
| pki-base-java-10.5.18-32.el7_9.noarch.rpm | 90beb4624a1f352b14e2e15342c9ebebf6b15c32ecd743f087e6c0c9d170b70c | - | ol7_x86_64_latest | |
| pki-base-java-10.5.18-32.el7_9.noarch.rpm | 90beb4624a1f352b14e2e15342c9ebebf6b15c32ecd743f087e6c0c9d170b70c | - | ol7_x86_64_u9_patch | |
| pki-ca-10.5.18-32.el7_9.noarch.rpm | 97e6d7a846973ba50201c6ffce1267fb33ed25d8a5d86a8b10707a8bad244fd9 | - | ol7_x86_64_latest | |
| pki-ca-10.5.18-32.el7_9.noarch.rpm | 97e6d7a846973ba50201c6ffce1267fb33ed25d8a5d86a8b10707a8bad244fd9 | - | ol7_x86_64_u9_patch | |
| pki-javadoc-10.5.18-32.el7_9.noarch.rpm | 3c13ee0c6a9b469bac1ba6798e1ef93b3e1944d08df86d60c3d54610b6cd09a1 | - | ol7_x86_64_optional_latest | |
| pki-kra-10.5.18-32.el7_9.noarch.rpm | 2e3f80510b2f94ac7e4d517f2d78e1e698bfd117bc6cd77bf0b0dd18aae4c608 | - | ol7_x86_64_latest | |
| pki-kra-10.5.18-32.el7_9.noarch.rpm | 2e3f80510b2f94ac7e4d517f2d78e1e698bfd117bc6cd77bf0b0dd18aae4c608 | - | ol7_x86_64_u9_patch | |
| pki-server-10.5.18-32.el7_9.noarch.rpm | 15a8518f518c4dcbb14a3230bb8932deca1e8e483cda6c41045528638b0be814 | - | ol7_x86_64_latest | |
| pki-server-10.5.18-32.el7_9.noarch.rpm | 15a8518f518c4dcbb14a3230bb8932deca1e8e483cda6c41045528638b0be814 | - | ol7_x86_64_u9_patch | |
| pki-symkey-10.5.18-32.el7_9.x86_64.rpm | 84d06ba4024e49eccf8ea69acbb9629bd5119a290a71eadeeba06883f0b8f59c | - | ol7_x86_64_latest | |
| pki-symkey-10.5.18-32.el7_9.x86_64.rpm | 84d06ba4024e49eccf8ea69acbb9629bd5119a290a71eadeeba06883f0b8f59c | - | ol7_x86_64_u9_patch | |
| pki-tools-10.5.18-32.el7_9.x86_64.rpm | cd271c7722c987beec1882774e8f6db92a204a053ee520b8c0be59a5bc1cfc58 | - | ol7_x86_64_latest | |
| pki-tools-10.5.18-32.el7_9.x86_64.rpm | cd271c7722c987beec1882774e8f6db92a204a053ee520b8c0be59a5bc1cfc58 | - | ol7_x86_64_u9_patch | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
