The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab (CVE-2019-10178)
pki-core: unsanitized token parameters in TPS resulting in stored XSS (CVE-2019-10180)
pki-core: Stored XSS in TPS profile creation (CVE-2020-1696)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
TPS - Add logging to tdbAddCertificatesForCUID if adding or searching for cert record fails (BZ#1710978)
TPS - Update Error Codes returned to client (CIW/ESC) to Match CS8 (BZ#1858860)
TPS - Server side key generation is not working for Identity only tokens - Missing some commits (BZ#1858861)
TPS does not check token cuid on the user registration record during PIN reset (BZ#1858867)
Update RHCS version of CA, KRA, OCSP, and TKS so that it can be identified using a browser [RHCS 9.7.z BU 2] (BZ#1895104)
Update RHCS version of CA, KRA, OCSP, and TKS so that it can be identified using a browser [RHCS 9.7.z BU 4] (BZ#1914474)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | pki-ocsp | <Â 10.5.18-12.el7pki | pki-ocsp-10.5.18-12.el7pki.noarch.rpm |
RedHat | 7 | noarch | redhat-pki-server-theme | <Â 10.5.18-5.el7pki | redhat-pki-server-theme-10.5.18-5.el7pki.noarch.rpm |
RedHat | 7 | noarch | redhat-pki-console-theme | <Â 10.5.18-5.el7pki | redhat-pki-console-theme-10.5.18-5.el7pki.noarch.rpm |
RedHat | 7 | noarch | pki-tks | <Â 10.5.18-12.el7pki | pki-tks-10.5.18-12.el7pki.noarch.rpm |
RedHat | 7 | x86_64 | pki-core-debuginfo | <Â 10.5.18-12.el7pki | pki-core-debuginfo-10.5.18-12.el7pki.x86_64.rpm |
RedHat | 7 | x86_64 | pki-tps | <Â 10.5.18-12.el7pki | pki-tps-10.5.18-12.el7pki.x86_64.rpm |