[El-errata] ELSA-2024-4222 Important: Oracle Linux 7 pki-core security update (aarch64)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Jul 3 20:11:06 UTC 2024
Oracle Linux Security Advisory ELSA-2024-4222
http://linux.oracle.com/errata/ELSA-2024-4222.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
pki-base-10.5.18-32.el7_9.noarch.rpm
pki-base-java-10.5.18-32.el7_9.noarch.rpm
pki-ca-10.5.18-32.el7_9.noarch.rpm
pki-kra-10.5.18-32.el7_9.noarch.rpm
pki-server-10.5.18-32.el7_9.noarch.rpm
pki-symkey-10.5.18-32.el7_9.aarch64.rpm
pki-tools-10.5.18-32.el7_9.aarch64.rpm
pki-javadoc-10.5.18-32.el7_9.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//pki-core-10.5.18-32.el7_9.src.rpm
Related CVEs:
CVE-2023-4727
Description of changes:
[10.5.18-32]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.4):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.4):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-31]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.3):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.3):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-30]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-29]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.1):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.1):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
[10.5.18-28]
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
More information about the El-errata
mailing list