ELSA-2024-4222 - pki-core security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2024-07-02

Description


[10.5.18-32]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.4):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.4):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-31]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.3):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.3):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-30]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-29]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.1):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.1):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)

[10.5.18-28]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)


Related CVEs


CVE-2023-4727

Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label
Oracle Linux 7 (aarch64) | pki-core-10.5.18-32.el7_9.src.rpm | 0a6df5e999fcb9d2054e41056a300d66 | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-core-10.5.18-32.el7_9.src.rpm | 0a6df5e999fcb9d2054e41056a300d66 | - | ol7_aarch64_optional_latest
Oracle Linux 7 (aarch64) | pki-core-10.5.18-32.el7_9.src.rpm | 0a6df5e999fcb9d2054e41056a300d66 | - | ol7_aarch64_u9_patch
Oracle Linux 7 (aarch64) | pki-base-10.5.18-32.el7_9.noarch.rpm | ca5bad4f3abce0786667f013df427e0b | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-base-10.5.18-32.el7_9.noarch.rpm | ca5bad4f3abce0786667f013df427e0b | - | ol7_aarch64_u9_patch
Oracle Linux 7 (aarch64) | pki-base-java-10.5.18-32.el7_9.noarch.rpm | 1e991fd266d97037d362a1c185f5c14d | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-base-java-10.5.18-32.el7_9.noarch.rpm | 1e991fd266d97037d362a1c185f5c14d | - | ol7_aarch64_u9_patch
Oracle Linux 7 (aarch64) | pki-ca-10.5.18-32.el7_9.noarch.rpm | 16087dff305acf0a7cd372f460923d64 | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-ca-10.5.18-32.el7_9.noarch.rpm | 16087dff305acf0a7cd372f460923d64 | - | ol7_aarch64_u9_patch
Oracle Linux 7 (aarch64) | pki-javadoc-10.5.18-32.el7_9.noarch.rpm | 4a3249830e752cb7f06d5c45f6e336d6 | - | ol7_aarch64_optional_latest
Oracle Linux 7 (aarch64) | pki-kra-10.5.18-32.el7_9.noarch.rpm | 73497f35b1354dcab26e0d80a6013a56 | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-kra-10.5.18-32.el7_9.noarch.rpm | 73497f35b1354dcab26e0d80a6013a56 | - | ol7_aarch64_u9_patch
Oracle Linux 7 (aarch64) | pki-server-10.5.18-32.el7_9.noarch.rpm | 153eadb61fc954dc1d5d9a910da98586 | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-server-10.5.18-32.el7_9.noarch.rpm | 153eadb61fc954dc1d5d9a910da98586 | - | ol7_aarch64_u9_patch
Oracle Linux 7 (aarch64) | pki-symkey-10.5.18-32.el7_9.aarch64.rpm | eabf115bc7e430deb6cbba6e4e720abb | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-symkey-10.5.18-32.el7_9.aarch64.rpm | eabf115bc7e430deb6cbba6e4e720abb | - | ol7_aarch64_u9_patch
Oracle Linux 7 (aarch64) | pki-tools-10.5.18-32.el7_9.aarch64.rpm | db9c2d00000d4013bd83bd28245e7808 | - | ol7_aarch64_latest
Oracle Linux 7 (aarch64) | pki-tools-10.5.18-32.el7_9.aarch64.rpm | db9c2d00000d4013bd83bd28245e7808 | - | ol7_aarch64_u9_patch
Oracle Linux 7 (x86_64) | pki-core-10.5.18-32.el7_9.src.rpm | 0a6df5e999fcb9d2054e41056a300d66 | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-core-10.5.18-32.el7_9.src.rpm | 0a6df5e999fcb9d2054e41056a300d66 | - | ol7_x86_64_optional_latest
Oracle Linux 7 (x86_64) | pki-core-10.5.18-32.el7_9.src.rpm | 0a6df5e999fcb9d2054e41056a300d66 | - | ol7_x86_64_u9_patch
Oracle Linux 7 (x86_64) | pki-base-10.5.18-32.el7_9.noarch.rpm | ca5bad4f3abce0786667f013df427e0b | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-base-10.5.18-32.el7_9.noarch.rpm | ca5bad4f3abce0786667f013df427e0b | - | ol7_x86_64_u9_patch
Oracle Linux 7 (x86_64) | pki-base-java-10.5.18-32.el7_9.noarch.rpm | 1e991fd266d97037d362a1c185f5c14d | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-base-java-10.5.18-32.el7_9.noarch.rpm | 1e991fd266d97037d362a1c185f5c14d | - | ol7_x86_64_u9_patch
Oracle Linux 7 (x86_64) | pki-ca-10.5.18-32.el7_9.noarch.rpm | 16087dff305acf0a7cd372f460923d64 | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-ca-10.5.18-32.el7_9.noarch.rpm | 16087dff305acf0a7cd372f460923d64 | - | ol7_x86_64_u9_patch
Oracle Linux 7 (x86_64) | pki-javadoc-10.5.18-32.el7_9.noarch.rpm | 4a3249830e752cb7f06d5c45f6e336d6 | - | ol7_x86_64_optional_latest
Oracle Linux 7 (x86_64) | pki-kra-10.5.18-32.el7_9.noarch.rpm | 73497f35b1354dcab26e0d80a6013a56 | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-kra-10.5.18-32.el7_9.noarch.rpm | 73497f35b1354dcab26e0d80a6013a56 | - | ol7_x86_64_u9_patch
Oracle Linux 7 (x86_64) | pki-server-10.5.18-32.el7_9.noarch.rpm | 153eadb61fc954dc1d5d9a910da98586 | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-server-10.5.18-32.el7_9.noarch.rpm | 153eadb61fc954dc1d5d9a910da98586 | - | ol7_x86_64_u9_patch
Oracle Linux 7 (x86_64) | pki-symkey-10.5.18-32.el7_9.x86_64.rpm | bf83234df8e1dc2cbf83673779f433f4 | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-symkey-10.5.18-32.el7_9.x86_64.rpm | bf83234df8e1dc2cbf83673779f433f4 | - | ol7_x86_64_u9_patch
Oracle Linux 7 (x86_64) | pki-tools-10.5.18-32.el7_9.x86_64.rpm | ff8bb46a4d690993ba3a6927732f32d5 | - | ol7_x86_64_latest
Oracle Linux 7 (x86_64) | pki-tools-10.5.18-32.el7_9.x86_64.rpm | ff8bb46a4d690993ba3a6927732f32d5 | - | ol7_x86_64_u9_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.