pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2021-05-2500:00:00

linux.oracle.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

apache-commons-collections
jss
[4.8.1-2]

Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error
[4.8.1-1]
Rebase to upstream JSS v4.8.1
Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class
Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding
[4.8.0-2]
Only check PKCS11Constants on beta builds
Bump tomcatjss, pki-core conflicts due to lang3
[4.8.0-1]
Rebase to upstream JSS v4.8.0
[4.8.0-0.1]
Rebase to upstream JSS v4.8.0-b1
pki-core
[10.10.5-2.0.1]
Remove upstream reference.
[10.10.5-2]
Bug 1914396 - CVE-2021-20179 pki-core:10.6/pki-core: Unprivileged users can renew any certificate
[10.10.5-1]
Rebase to PKI 10.10.5
Bug 1929067 - PKI instance creation failed with new 389-ds-base build
pki-servlet-engine
[1:9.0.30-1]
Resolves: rhbz#1721684 Rebase pki-servlet-engine to 9.0.30
Update to JWS 5.3.0 distribution
Remove new dependencies that PKI doesnt need (and are not provided by RHEL 8)
resteasy
[3.0.26-6]
CVE-2020-1695: Improper validation of response header in MediaTypeHeaderDelegate.java class
Resolves: rh-bz#1845548
tomcatjss
[7.6.1-1]
Rebase to TomcatJSS 7.6.1
[7.6.0-2]
Bump dependency to JSS 4.8.0
Remove unsupported platforms
[7.6.0-1]
Rebase to TomcatJSS 7.6.0

OSVersionArchitecturePackageVersionFilename
oracle linux8srcapache-commons-collections< 3.2.2-10.moduleapache-commons-collections-3.2.2-10.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcapache-commons-lang< 2.6-21.moduleapache-commons-lang-2.6-21.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcapache-commons-net< 3.6-3.moduleapache-commons-net-3.6-3.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcbea-stax< 1.2.0-16.modulebea-stax-1.2.0-16.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcglassfish-fastinfoset< 1.2.13-9.moduleglassfish-fastinfoset-1.2.13-9.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcglassfish-jaxb< 2.2.11-11.moduleglassfish-jaxb-2.2.11-11.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcglassfish-jaxb-api< 2.2.12-8.moduleglassfish-jaxb-api-2.2.12-8.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcjackson-annotations< 2.10.0-1.modulejackson-annotations-2.10.0-1.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcjackson-core< 2.10.0-1.modulejackson-core-2.10.0-1.module+el8.3.0+7697+44932688.src.rpm
oracle linux8srcjackson-databind< 2.10.0-1.modulejackson-databind-2.10.0-1.module+el8.3.0+7697+44932688.src.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	8	src	apache-commons-collections	< 3.2.2-10.module	apache-commons-collections-3.2.2-10.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	apache-commons-lang	< 2.6-21.module	apache-commons-lang-2.6-21.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	apache-commons-net	< 3.6-3.module	apache-commons-net-3.6-3.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	bea-stax	< 1.2.0-16.module	bea-stax-1.2.0-16.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	glassfish-fastinfoset	< 1.2.13-9.module	glassfish-fastinfoset-1.2.13-9.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	glassfish-jaxb	< 2.2.11-11.module	glassfish-jaxb-2.2.11-11.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	glassfish-jaxb-api	< 2.2.12-8.module	glassfish-jaxb-api-2.2.12-8.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	jackson-annotations	< 2.10.0-1.module	jackson-annotations-2.10.0-1.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	jackson-core	< 2.10.0-1.module	jackson-core-2.10.0-1.module+el8.3.0+7697+44932688.src.rpm
oracle linux	8	src	jackson-databind	< 2.10.0-1.module	jackson-databind-2.10.0-1.module+el8.3.0+7697+44932688.src.rpm