22 matches found

OSV
added 2026/03/25 5:35 p.m. | 1 view

CLSA-2026-1774460133 Fix CVE(s): CVE-2025-66614

SECURITY UPDATE: client certificate authentication bypass through mismatched SNI and HTTP Host header - debian/patches/CVE-2025-66614.patch: Add strictSNI connector attribute and implement SNI/protocol host name matching for NIO, NIO2, and APR connectors; prevent requests being served by mismatch...

CVSS 9.1 | EPSS 0.00051
Exploits: 0 | References: 1

CNVD
added 2026/03/11 12:0 a.m. | 2 views

Apache Tomcat Client Certificate Validation Flaw Vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States) that implements support for Servlet and JavaServer Pages (JSP). Apache Tomcat has a client certificate validation flaw; the vulnerability is due to allow revoked certificate/test...

AI score 5.8 | EPSS 0.00028
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:25 p.m. | 1 view

CVE-2020-11629

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...

CVSS 7.2 | AI score 7 | EPSS 0.00223
Exploits: 0 | References: 1

OSV
added 2024/03/06 12:45 p.m. | 2 views

CLSA-2024-1709729100 Update of nss

Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec Class 2 Public Primary Certification Authority - G6" -...

AI score 5.8
Exploits: 0 | References: 1

OSV
added 2024/03/06 10:54 a.m. | 37 views

BIT-GOLANG-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

CVSS 5.3 | AI score 6.8 | EPSS 0.00122
Exploits: 0 | References: 7

OSV
added 2024/02/15 8:41 p.m. | 2 views

CLSA-2024-1708029694 Update of nss

Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec...

AI score 5.8
Exploits: 0 | References: 1

OSV
added 2024/02/15 8:18 p.m. | 4 views

CLSA-2024-1708028290 Update of nss

Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec Class 2 Public Primary Certification Authority - G6" -...

AI score 5.8
Exploits: 0 | References: 1

OSV
added 2024/02/15 8:8 p.m. | 5 views

CLSA-2024-1708027734 Update of nss

Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec Class 2 Public Primary Certification Authority - G6" -...

AI score 5.8
Exploits: 0 | References: 1

CloudLinux
added 2023/10/16 1:58 p.m. | 41 views

curl: Fix of CVE-2023-38546

CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...

CVSS 3.7 | AI score 7.1 | EPSS 0.00441
Exploits: 0

OSV
added 2023/10/16 1:58 p.m. | 2 views

CLSA-2023-1697464688 curl: Fix of CVE-2023-38546

CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...

CVSS 3.7 | AI score 7 | EPSS 0.00441
Exploits: 0 | References: 1

OSV
added 2023/10/16 1:53 p.m. | 1 view

CLSA-2023-1697464394 curl: Fix of CVE-2023-38546

CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...

CVSS 3.7 | AI score 7 | EPSS 0.00441
Exploits: 0 | References: 1

OSV
added 2023/10/16 1:45 p.m. | 1 view

CLSA-2023-1697463947 curl: Fix of CVE-2023-38546

CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...

CVSS 3.7 | AI score 7 | EPSS 0.00441
Exploits: 0 | References: 1

OSV
added 2023/09/02 11:5 a.m. | 1 view

OESA-2023-1591 golang security update

The Go Programming Language. Security Fixes: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trust...

CVSS 5.3 | AI score 5.4 | EPSS 0.00122
Exploits: 0 | References: 2

OSV
added 2023/08/03 5:24 p.m. | 1 view

CLSA-2023-1691083477 Fix CVE(s): CVE-2021-25329, CVE-2022-23181, CVE-2020-9484

SECURITY UPDATE: Remote Code Execution via session persistence - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore. - CVE-2020-9484 SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases...

CVSS 7 | EPSS 0.93464
Exploits: 15 | References: 1

Prion
added 2023/08/02 8:15 p.m. | 31 views

Code injection

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

CVSS 5 | AI score 6.3 | EPSS 0.00122
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2023/08/02 8:15 p.m. | 0 views

UBUNTU-CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

CVSS 5.3 | AI score 6.8 | EPSS 0.00122
Exploits: 0 | References: 7

SUSE CVE
added 2023/08/02 1:56 a.m. | 2 views

SUSE CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

CVSS 7.5 | AI score 7.7 | EPSS 0.00122
Exploits: 0 | References: 25

Oracle linux
added 2023/03/06 12:0 a.m. | 29 views

pesign security update

115-6.0.1 - Update Oracle Linux test certificates Orabug: 31928433 115-6 - Fix chmod invocation - Resolves: CVE-2022-3560 115-5 - Deprecate pesign-authorize and drop ACL use - Resolves: CVE-2022-3560...

CVSS 5.5 | AI score 1.5 | EPSS 0.00033
Exploits: 0

OSV
added 2022/11/23 10:11 p.m. | 0 views

CLSA-2022-1669241475 Fix CVE(s): CVE-2022-45061

SECURITY UPDATE: Uncontrolled resource consumption - debian/patches/CVE-2022-45061.patch: Fix quadratic time idna decoding - CVE-2022-45061 Fix the tests: Certificates were expired - debian/patches/update-test-certs-and-keys.patch: Update test certs and keys...

CVSS 7.5 | EPSS 0.0013
Exploits: 1 | References: 1

OSV
added 2022/06/20 8:43 p.m. | 0 views

CLSA-2022-1655757814 Fix CVE(s): CVE-2020-1938, CVE-2020-9484, CVE-2021-25329

Fix build process: - debian/keystores/.pem|.jks: update expiring certs and keystores - debian/patches/0028-update-expiring-test-certs.patch: update expiring test certs - debian/patches/0029-fix-path-to-valid-keystore.patch: fix path to valid keystore - debian/patches/0030-use-tls12-in-tests.patch...

CVSS 9.8 | EPSS 0.94469
Exploits: 58 | References: 1