drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in pki-core
Name: |
Cross-Site Scripting in pki-core |
|
ID: |
FEDORA-2012-20243 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 16 |
|
Datum: |
Fr, 21. Dezember 2012, 14:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4543 |
|
Applikationen: |
pki-core |
|
Originalnachricht |
Name : pki-core Product : Fedora 16 Version : 9.0.25 Release : 1.fc16 URL : http://pki.fedoraproject.org/ Summary : Certificate System - PKI Core Components Description : ================================== || ABOUT "CERTIFICATE SYSTEM" || ==================================
Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains fundamental packages required by Certificate System, and consists of the following components:
* pki-setup * pki-symkey * pki-native-tools * pki-util * pki-util-javadoc * pki-java-tools * pki-java-tools-javadoc * pki-common * pki-common-javadoc * pki-selinux * pki-ca * pki-silent
which comprise the following PKI subsystems:
* Certificate Authority (CA)
For deployment purposes, Certificate System requires ONE AND ONLY ONE of the following "Mutually-Exclusive" PKI Theme packages:
* ipa-pki-theme (IPA deployments) * dogtag-pki-theme (Dogtag Certificate System deployments) * redhat-pki-theme (Red Hat Certificate System deployments)
------------------------------------------------------------------------------- - Update Information:
Bugzilla Bug #884829 - Multiple cross-site scripting flaws ------------------------------------------------------------------------------- - ChangeLog:
* Tue Dec 11 2012 Andrew Wnuk<awnuk@redhat.com> 9.0.25-1 - Bugzilla Bug #861467 - Directory authenticated user certificate enrollments fail when anonymous access disabled. - Bugzilla Bug #884829 - Multiple cross-site scripting flaws * Tue Oct 30 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.24-1 - New official build - Used GetStatus servlet to provide startup status - (alee) - Audit Cert Renewal - Bugzilla Bug #843979 (mharmsen) - time based searches - Bugzilla Bug #854420 (awnuk) - TMS ECC infrastructure - ticket #304 (cfu) * Fri Sep 7 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.23-1 - TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks in an instance (support for non-default instance names) (mharmsen) - Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to internal db in cert status thread. (jmagne) * Wed Aug 22 2012 Ade Lee <alee@redhat.com> 9.0.22-1 - Reverted selinux changes that broke f16 selinux policy. - Reapplied those changes as a modified patch to f17 build. * Fri Jul 20 2012 Ade Lee <alee@redhat.com> 9.0.21-1 - Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag * Mon May 7 2012 Andrew Wnuk <awnuk@redhat.com> 9.0.20-1 - New official build * Mon May 7 2012 Ade Lee <alee@redhat.com> 9.0.19-4 - Bugzilla Bug #819111 - non-existent container breaks replication * Mon Apr 16 2012 Ade Lee <alee@redhat.com> 9.0.19-3 - Bugzilla Bug #813075 - selinux denial for file size access * Tue Apr 10 2012 Christina Fu <cfu@redhat.com> 9.0.19-2 - Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived * Fri Mar 16 2012 Ade Lee <alee@redhat.com> 9.0.19-1 - BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules * Fri Mar 9 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.18-1 - Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync with DOGTAG_9_BRANCH SVN repository . . . - 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #784387 - Configuration wizard does not provide option to issue ECC credentials for admin during ECC CA configuration. - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #768138 - Make sure that paging works correctly in CA and DRM - Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters file digest for "logo_header.gif" - Bugzilla Bug #703608 - Enrollment Profile template Javascript code problem for handling non-dual ECC - Bugzilla Bug #223358 - new profile for ECC key generation - Bugzilla Bug #787806 - RSA should be default selection for transport key till "ECC phase 4" is implemented - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #703608 - Enrollment Profile template Javascript code problem for handling non-dual ECC - Bugzilla Bug #223358 - new profile for ECC key generation - Bugzilla Bug #787806 - RSA should be default selection for transport key till "ECC phase 4" is implemented - 'pki-silent' - Bugzilla Bug #801840 - pki_silent.template missing opening brace for ca_external variable * Fri Mar 2 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.17-4 - For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM. * Tue Feb 28 2012 Ade Lee <alee@redhat.com> 9.0.17-3 - 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17) * Wed Feb 22 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.17-2 - Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess * Thu Jan 5 2012 Matthew Harmsen <mharmsen@redhat.com> 9.0.17-1 - 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400 update, breaking FreeIPA install - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the middle of an ldif entry. - 'pki-common' - Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays issuedcerts and cert_Info params as base 64 blobs. - Bugzilla Bug #756133 - Some DRM components are not referring properly to DRM's request and key records. - Bugzilla Bug #758505 - DRM's request list breaks after migration of request records with big IDs. - Bugzilla Bug #768138 - Make sure that paging works correctly in CA and DRM - 'pki-selinux' - 'pki-ca' - 'pki-silent' * Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.16-1 - 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent' ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #884829 - CVE-2012-4543 Certificate System: Multiple cross-site scripting flaws by displaying CRL or processing profile [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=884829 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update pki-core' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|