-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: pki-core security, bug fix, and enhancement update Advisory ID: RHSA-2023:2293-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2293 Issue date: 2023-05-09 CVE Names: CVE-2022-2393 ==================================================================== 1. Summary: An update for jss, ldapjdk, pki-core, and tomcatjss is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1849834 - [RFE] Provide EST Responder (RFC 7030) 1883477 - [RFE] Automatic expired certificate purging 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception 2087105 - CA installation failing with HSM [RHEL 9.2] 2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied 2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision 2101046 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field 2106452 - softhsm2: Unable to create cert: Private key not found 2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled 2123379 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled [rhel-9.2.0] 2149478 - Rebase jss to upstream JSS 5.3 2149485 - Rebase tomcatjss to Tomcat JSS 8.3 2149488 - Rebase ldapjdk to LDAP SDK 5.3 2149489 - Rebase pki-core to PKI 11.3 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: jss-5.3.0-1.el9.src.rpm ldapjdk-5.3.0-1.el9.src.rpm pki-core-11.3.0-1.el9.src.rpm tomcatjss-8.3.0-1.el9.src.rpm aarch64: idm-jss-5.3.0-1.el9.aarch64.rpm idm-jss-debuginfo-5.3.0-1.el9.aarch64.rpm idm-pki-tools-11.3.0-1.el9.aarch64.rpm jss-debugsource-5.3.0-1.el9.aarch64.rpm noarch: idm-ldapjdk-5.3.0-1.el9.noarch.rpm idm-pki-acme-11.3.0-1.el9.noarch.rpm idm-pki-base-11.3.0-1.el9.noarch.rpm idm-pki-ca-11.3.0-1.el9.noarch.rpm idm-pki-est-11.3.0-1.el9.noarch.rpm idm-pki-java-11.3.0-1.el9.noarch.rpm idm-pki-kra-11.3.0-1.el9.noarch.rpm idm-pki-server-11.3.0-1.el9.noarch.rpm idm-tomcatjss-8.3.0-1.el9.noarch.rpm python3-idm-pki-11.3.0-1.el9.noarch.rpm ppc64le: idm-jss-5.3.0-1.el9.ppc64le.rpm idm-jss-debuginfo-5.3.0-1.el9.ppc64le.rpm idm-pki-tools-11.3.0-1.el9.ppc64le.rpm jss-debugsource-5.3.0-1.el9.ppc64le.rpm s390x: idm-jss-5.3.0-1.el9.s390x.rpm idm-jss-debuginfo-5.3.0-1.el9.s390x.rpm idm-pki-tools-11.3.0-1.el9.s390x.rpm jss-debugsource-5.3.0-1.el9.s390x.rpm x86_64: idm-jss-5.3.0-1.el9.x86_64.rpm idm-jss-debuginfo-5.3.0-1.el9.x86_64.rpm idm-pki-tools-11.3.0-1.el9.x86_64.rpm jss-debugsource-5.3.0-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-2393 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo0ztzjgjWX9erEAQgG1Q/9FQpzA4h61KFLAHStOzrrPPCx+BaHu/v6 xNV/HMmBcNPH5kRUfl55/2ms64Q6ORp10RGOwQRjVyQtLGEL+Q29xC+i7P5BaGHc nzrv2CFezwDvMrl9xsdWOqYrTp2mdKarHFBaFvAZJnaxcNyuVe4AmXFqU2Ig+ot+ nHMYr8p9wkjWqkg61ZNiay2oFexGijqQ64Epfy/YhstyjSxJbV6FXsK3ec+rB6WC EG86qlZLeSyEJB3P15nLSQCFyuTK1LwRqaHxvmfZzhZMI+K/XaqBqD+NFARhVM6u KNvsa4RfoBG/IZaN8yTwJxq9odzX7OdbgkrHU8bhqPm1KU46fWJuqafN129/xXIQ sGfAyCN+aizbIe83ma/4dHc6F2ZA/eon7pNRCszGeg8NMz483XJLbVDglvyFN1dx RQ2bRR391IrAqTCCspHmSwDPgvjKLXNnuY/qkz/BVWQ9Hbtoq4NQG54IlfBKmRwZ nJFYcFVSUsX6wVL9Pn3xalBgUWqsS3KA/TNoufTQmgtkGu3Qr0FDhEMmmN3gC4Zn c8Ag/oiGQnC/sG/JHcyG7x5+YMKzI1cJjBhSrqrmOLrin4yNIEXwb6U+UMPHY4Jz AXFy2ESe1XXw9XyBvWVmFozBgKAQQHOYVCxCpnj2lgavsjoRR+sYci8YolUGJjyK m1oD6k3SK5s=iq/+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce