Oval Definition: oval:com.redhat.rhsa:def:20172335
Revision Date: 2017-08-01
Version: 636
Title: RHSA-2017:2335: pki-core security update (Moderate)
Description: Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.

Security Fix(es):

  • It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. (CVE-2017-7537)

    This issue was discovered by Christina Fu (Red Hat).

Family: unix
Class: patch
Status:
Reference(s): CVE-2017-7537, RHSA-2017:2335, RHSA-2017:2335-01
Platform(s): Red Hat Enterprise Linux 7
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • pki-base is earlier than 0:10.4.1-11.el7 AND pki-base is signed with Red Hat redhatrelease2 key
  • pki-base-java is earlier than 0:10.4.1-11.el7 AND pki-base-java is signed with Red Hat redhatrelease2 key
  • pki-ca is earlier than 0:10.4.1-11.el7 AND pki-ca is signed with Red Hat redhatrelease2 key
  • pki-javadoc is earlier than 0:10.4.1-11.el7 AND pki-javadoc is signed with Red Hat redhatrelease2 key
  • pki-kra is earlier than 0:10.4.1-11.el7 AND pki-kra is signed with Red Hat redhatrelease2 key
  • pki-server is earlier than 0:10.4.1-11.el7 AND pki-server is signed with Red Hat redhatrelease2 key
  • pki-symkey is earlier than 0:10.4.1-11.el7 AND pki-symkey is signed with Red Hat redhatrelease2 key
  • pki-tools is earlier than 0:10.4.1-11.el7 AND pki-tools is signed with Red Hat redhatrelease2 key