Security: Cross-Site Scripting in pki-core
Name: Cross-Site Scripting in pki-core
ID: FEDORA-2012-20243
Distribution: Fedora
Platforms: Fedora 16
Date: Fri, 21 December 2012, 14:58
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4543

Original message

Name        : pki-core
Product     : Fedora 16
Version     : 9.0.25
Release     : 1.fc16
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - PKI Core Components
Description :
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains fundamental packages required by Certificate System,
and consists of the following components:

* pki-setup
* pki-symkey
* pki-native-tools
* pki-util
* pki-util-javadoc
* pki-java-tools
* pki-java-tools-javadoc
* pki-common
* pki-common-javadoc
* pki-selinux
* pki-ca
* pki-silent

which comprise the following PKI subsystems:

* Certificate Authority (CA)

For deployment purposes, Certificate System requires ONE AND ONLY ONE
of the following "Mutually-Exclusive" PKI Theme packages:

* ipa-pki-theme (IPA deployments)
* dogtag-pki-theme (Dogtag Certificate System deployments)
* redhat-pki-theme (Red Hat Certificate System deployments)

--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #884829 - Multiple cross-site scripting flaws
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.25-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
fail when anonymous access disabled.
- Bugzilla Bug #884829 - Multiple cross-site scripting flaws
* Tue Oct 30 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.24-1
- New official build
- Used GetStatus servlet to provide startup status - (alee)
- Audit Cert Renewal - Bugzilla Bug #843979 (mharmsen)
- time based searches - Bugzilla Bug #854420 (awnuk)
- TMS ECC infrastructure - ticket #304 (cfu)
* Fri Sep 7 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.23-1
- TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks
in an instance (support for non-default instance names) (mharmsen)
- Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to
internal db in cert status thread. (jmagne)
* Wed Aug 22 2012 Ade Lee <alee@redhat.com> 9.0.22-1
- Reverted selinux changes that broke f16 selinux policy.
- Reapplied those changes as a modified patch to f17 build.
* Fri Jul 20 2012 Ade Lee <alee@redhat.com> 9.0.21-1
- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
* Mon May 7 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.20-1
- New official build
* Mon May 7 2012 Ade Lee <alee@redhat.com> 9.0.19-4
- Bugzilla Bug #819111 - non-existent container breaks replication
* Mon Apr 16 2012 Ade Lee <alee@redhat.com> 9.0.19-3
- Bugzilla Bug #813075 - selinux denial for file size access
* Tue Apr 10 2012 Christina Fu <cfu@redhat.com> 9.0.19-2
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
* Fri Mar 16 2012 Ade Lee <alee@redhat.com> 9.0.19-1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
- Corrected patch selected for selinux f17 rules
* Fri Mar 9 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.18-1
- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
with DOGTAG_9_BRANCH SVN repository . . .
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #784387 - Configuration wizard does not provide option
to issue ECC credentials for admin during ECC CA configuration.
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
and DRM
- Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters
file digest for "logo_header.gif"
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-silent'
- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
ca_external variable
* Fri Mar 2 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.17-4
- For 'mock' purposes, removed platform-specific logic from around
the 'patch' files so that ALL 'patch' files will be included in
the SRPM.
* Tue Feb 28 2012 Ade Lee <alee@redhat.com> 9.0.17-3
- 'pki-selinux'
- Added platform-dependent patches for SELinux component
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
* Wed Feb 22 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.17-2
- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to
address changes in fundamental path structure in Fedora 17
- 'pki-setup'
- Hard-code Perl dependencies to protect against bugs such as
Bugzilla Bug #772699 - Adapt perl and python fileattrs to
changed file 5.10 magics
- 'pki-selinux'
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
* Thu Jan 5 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.17-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400
update, breaking FreeIPA install
- 'pki-util'
- 'pki-java-tools'
- Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the
middle of an ldif entry.
- 'pki-common'
- Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays
issuedcerts and cert_Info params as base 64 blobs.
- Bugzilla Bug #756133 - Some DRM components are not referring properly
to DRM's request and key records.
- Bugzilla Bug #758505 - DRM's request list breaks after migration of
request records with big IDs.
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA and
DRM
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.16-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
- 'pki-silent'
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #884829 - CVE-2012-4543 Certificate System: Multiple cross-site
scripting flaws by displaying CRL or processing profile [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=884829
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update pki-core' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
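To confirm that a host actually received this update rather than merely trusting that `yum update` ran, the following Python is an added example (not part of the advisory, of Fedora, or of the pki project) that re-implements rpm's label comparison (rpmvercmp) and checks the line `rpm -q pki-core` prints against the fixed build 9.0.25-1.fc16 named in the header above. The host names and their output lines are constructed sample data, and an epoch of 0 is assumed because the advisory lists none.

```python
"""Check installed pki-core builds against the fixed build from the advisory.

Uses a re-implementation of rpm's rpmvercmp() so that versions order the way
rpm orders them (9.0.25 > 9.0.24, 10 > 9, 1.0~rc1 < 1.0), instead of a
string comparison that would get these wrong.
"""
import re

# Fixed build from the advisory header (Version 9.0.25, Release 1.fc16).
FIXED_NVR = "pki-core-9.0.25-1.fc16"


def _is_alnum(c: str) -> bool:
    return c.isascii() and c.isalnum()


def _is_digit(c: str) -> bool:
    return "0" <= c <= "9"


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp(): compare alternating numeric
    and alphabetic segments; '~' sorts before everything (pre-release),
    '^' sorts after end-of-string but before any other segment (post-release)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separator characters (anything that is not alphanumeric, '~' or '^').
        while i < len(a) and not (_is_alnum(a[i]) or a[i] in "~^"):
            i += 1
        while j < len(b) and not (_is_alnum(b[j]) or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        # Next segment: a digit run if a starts with a digit, otherwise a letter run.
        isnum = _is_digit(ca)
        pattern = r"[0-9]+" if isnum else r"[A-Za-z]+"
        sa = re.match(pattern, a[i:]).group(0)
        mb = re.match(pattern, b[j:])
        sb = mb.group(0) if mb else ""
        i, j = i + len(sa), j + len(sb)
        if not sb:                      # segment types differ: numeric is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):      # the longer digit run is the larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1     # the side with segments left over is newer


def parse_nvr(nvr: str):
    """Split 'name-version-release' (the `rpm -q` output form) into its parts.
    Version and release never contain '-', so splitting on the last two works."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_nvr: str, fixed_nvr: str = FIXED_NVR) -> bool:
    """True when the installed build is the fixed build or newer (epoch assumed 0)."""
    name, ver, rel = parse_nvr(installed_nvr)
    fname, fver, frel = parse_nvr(fixed_nvr)
    if name != fname:
        raise ValueError(f"package mismatch: {name!r} vs {fname!r}")
    # rpm compares version first and consults release only on a tie.
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0


# Constructed sample output of `rpm -q pki-core` from four hypothetical hosts.
SAMPLE_HOSTS = {
    "ca1.example.test": "pki-core-9.0.25-1.fc16",   # exactly the fixed build
    "ca2.example.test": "pki-core-9.0.24-1.fc16",   # one version behind
    "ca3.example.test": "pki-core-9.0.19-4.fc16",   # older version, higher release
    "ca4.example.test": "pki-core-9.0.25-2.fc16",   # a later rebuild of the fix
}


def unpatched_hosts(hosts=SAMPLE_HOSTS):
    """Return the hosts whose installed build is older than the fixed build."""
    return sorted(h for h, nvr in hosts.items() if not is_fixed(nvr))


if __name__ == "__main__":
    for host, nvr in SAMPLE_HOSTS.items():
        print(f"{host}: {nvr} -> {'fixed' if is_fixed(nvr) else 'still vulnerable'}")
```

On a real fleet the `SAMPLE_HOSTS` values would be replaced by the actual `rpm -q pki-core` output collected from each machine; the comparison logic itself is the part worth keeping, since naive string ordering would rank 9.0.19-4 above 9.0.25-1 on the release digit alone.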
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce