Oval Definition: oval:com.redhat.rhsa:def:20210851
Revision Date: 2021-03-16
Version: 637
Title: RHSA-2021:0851: pki-core security and bug fix update (Important)
Description: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

  • pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

  • pki-core: XSS in the certificate search results (CVE-2020-25715)

  • pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)

  • pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)

  • pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

  • pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Add KRA Transport and Storage Certificates profiles, audit for IPA (BZ#1883639)

Family: unix
Class: patch
Status:
Reference(s):
    CVE-2019-10146
    CVE-2019-10179
    CVE-2019-10221
    CVE-2020-1721
    CVE-2020-25715
    CVE-2021-20179
    RHSA-2021:0851
Platform(s): Red Hat Enterprise Linux 7
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
    • Red Hat Enterprise Linux 7 is installed
    • AND
      • pki-base is earlier than 0:10.5.18-12.el7_9
        AND pki-base is signed with Red Hat redhatrelease2 key
      • pki-base-java is earlier than 0:10.5.18-12.el7_9
        AND pki-base-java is signed with Red Hat redhatrelease2 key
      • pki-ca is earlier than 0:10.5.18-12.el7_9
        AND pki-ca is signed with Red Hat redhatrelease2 key
      • pki-javadoc is earlier than 0:10.5.18-12.el7_9
        AND pki-javadoc is signed with Red Hat redhatrelease2 key
      • pki-kra is earlier than 0:10.5.18-12.el7_9
        AND pki-kra is signed with Red Hat redhatrelease2 key
      • pki-server is earlier than 0:10.5.18-12.el7_9
        AND pki-server is signed with Red Hat redhatrelease2 key
      • pki-symkey is earlier than 0:10.5.18-12.el7_9
        AND pki-symkey is signed with Red Hat redhatrelease2 key
      • pki-tools is earlier than 0:10.5.18-12.el7_9
        AND pki-tools is signed with Red Hat redhatrelease2 key