[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2013-0511 -- Oracle pki

ID: oval:org.secpod.oval:def:1500063Date: (C)2013-03-20   (M)2022-10-10
Class: PATCHFamily: unix




Updated pki-core packages that fix multiple security issues, two bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the CVE link inthe References section. Red Hat Certificate System is an enterprise software system designed tomanage enterprise public key infrastructure deployments. PKI Corecontains fundamental packages required by Red Hat Certificate System, whichcomprise the Certificate Authority subsystem.Note: The Certificate Authority component provided by this advisory cannotbe used as a standalone server. It is installed and operates as a part ofIdentity Management in Red Hat Enterprise Linux.Multiple cross-site scripting flaws were discovered in Certificate System.An attacker could use these flaws to perform a cross-site scripting attack against victims using Certificate System's web interface.This update also fixes the following bugs:* Previously, due to incorrect conversion of large integers whilegenerating a new serial number, some of the most significant bits in theserial number were truncated. Consequently, the serial number generated forcertificates was sometimes smaller than expected and this incorrectconversion in turn led to a collision if a certificate with the smallernumber already existed in the database. This update removes the incorrectinteger conversion so that no serial numbers are truncated. As a result,the installation wizard proceeds as expected. * The certificate authority used a different profile for issuing the auditcertificate than it used for renewing it. The issuing profile was for twoyears, and the renewal was for six months. They should both be for twoyears. This update sets the default and constraint parameters in thecaSignedLogCert.cfg audit certificate renewal profile to two years.This update also adds the following enhancements:* IPA now provides an improved way todetermine that PKI is up and ready to service requests. Checking theservice status was not sufficient. This update creates a mechanism forclients to determine that the PKI subsystem is up using the getStatusfunction to query the cs.startup_state in CS.cfg. * This update increases the default root CA validity period from eightyears to twenty years. All users of pki-core are advised to upgrade to these updated packages,which fix these issues and add these enhancements.

Platform:
Oracle Linux 6
Product:
pki
Reference:
ELSA-2013-0511
CVE-2012-4543
CVE    1
CVE-2012-4543
CPE    2
cpe:/a:pki-core:pki-core
cpe:/o:oracle:linux:6

© SecPod Technologies