(RHSA-2023:3394) Important: pki-core:10.6 security update

2023-05-3115:30:29

access.redhat.com

pki core red hat certificate system xxe cve-2022-2414 cve-2022-2393

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.036

Percentile

91.7%

JSON

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414)
pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64lepki-tools< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm
RedHatanyaarch64pki-tools< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm
RedHatanynoarchpki-ca< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-ca-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm
RedHatanyx86_64pki-tools-debuginfo< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-tools-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm
RedHatanynoarchpki-server< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-server-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm
RedHatanyaarch64pki-core-debugsource< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm
RedHatanys390xpki-tools< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm
RedHatanyx86_64pki-symkey< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-symkey-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm
RedHatanynoarchpki-acme< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-acme-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm
RedHatanys390xpki-core-debugsource< 10.12.7-1.module+el8.6.0+18623+dea80f17pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc64le	pki-tools	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm
RedHat	any	aarch64	pki-tools	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm
RedHat	any	noarch	pki-ca	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-ca-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm
RedHat	any	x86_64	pki-tools-debuginfo	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-tools-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm
RedHat	any	noarch	pki-server	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-server-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm
RedHat	any	aarch64	pki-core-debugsource	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm
RedHat	any	s390x	pki-tools	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm
RedHat	any	x86_64	pki-symkey	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-symkey-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm
RedHat	any	noarch	pki-acme	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-acme-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm
RedHat	any	s390x	pki-core-debugsource	< 10.12.7-1.module+el8.6.0+18623+dea80f17	pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm