-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Certificate System 9.7 CVE bug fix update Advisory ID: RHSA-2022:7077-01 Product: Red Hat Certificate System Advisory URL: https://access.redhat.com/errata/RHSA-2022:7077 Issue date: 2022-10-24 CVE Names: CVE-2022-2393 ===================================================================== 1. Summary: Updated CVE security packages are now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section 2. Relevant releases/architectures: Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7 - noarch, x86_64 3. Description: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] [BZ #2111493] For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2101046 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field 6. Package List: Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7: Source: pki-core-10.5.18-23.el7pki.src.rpm redhat-pki-theme-10.5.18-15.el7pki.src.rpm noarch: pki-ocsp-10.5.18-23.el7pki.noarch.rpm pki-tks-10.5.18-23.el7pki.noarch.rpm redhat-pki-console-theme-10.5.18-15.el7pki.noarch.rpm redhat-pki-server-theme-10.5.18-15.el7pki.noarch.rpm x86_64: pki-core-debuginfo-10.5.18-23.el7pki.x86_64.rpm pki-tps-10.5.18-23.el7pki.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-2393 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1ZTUdzjgjWX9erEAQg+lA//ZN5z3MCWmSEwuQ8KUH64XoB3QTNO61ZQ 29uF1hFQwAWPvJvkVanoBtGUHYb99e/lfq9OuEueFQ+6VEA+w8G/P4wVM/MhhQmJ wdBeBMzNY/pl+6LcCxj7f5vEprGER7n0knZ1SoiThbuXGT/t30V9FaznEqft8GPy UG5xQ8teMSW6g5uU07D7EEeqsdwlBIOOFjdIUFK2qol+zjmM7mSFn1VoqBXCjFSS bRJzZ7NuhA11nZELBPLz7gklFo0tIc09bKaoIPOY6lq8sp7Z5jARNqc0YvXaWOMT ai6s2oBn1rQkiWcRFKNO5tGLm+vx3N46yLkZBUVO/xAGaJ1JKF+gtKJPTZ+UDGMx HGVb0OWMbQZxZcRzoEiRCfD19WVHS+dDl0kWAFjD4xHagrG1Crzjx52vnWgdquSn gxoxVL1HzhNfBCmgq1x6IkbCNKNa5Hdd/38a43gKvvoVPH9r5aMA+uExdYmTu1ca 9ORDgc+1KaPOfrA6v8RyYo3rPpnKEiEWhYl8NPlKwMjEfoed+obzRAUwPO7H8/PC WHUcY/b51+EnFuqguFNzXpxe+/Ngp/CFrabLjJjSRp3hX0oI/6RcXzeIXLxG9DHS wXhqSnfhgpneyJXojBPIOJHrZa6A6LR5YNXBcoBx41hnlXL9ceAAICgOsORWgJ4T sQKzMkjHDb8= =6fiQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce