[ALSA-2019:1529] Important: pki-deps:10.6 security update
Type:
security
Severity:
important
Release date:
2019-06-18
Description:
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fix(es): * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * tomcat: Open redirect in default servlet (CVE-2018-11784) * tomcat: Host name verification missing in WebSocket client (CVE-2018-8034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 python-nss-doc-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm 61a26ea1c27f1ca3c6032b2f56d4060152e3e73a6ccb07181913a7ad380bad27
aarch64 python3-nss-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.aarch64.rpm ae60fc0416f6002b600d429d0ec5f54876e7a259bd5ba480de5886d03b28e23d
noarch xmlstreambuffer-1.5.4-8.module_el8.5.0+2577+9e95fe00.noarch.rpm 05648f42fce41f399dfe350b66a8b0e8f403b21ba77f3288ec612c6f7575b5ca
noarch glassfish-fastinfoset-1.2.13-9.module_el8.5.0+150+5f0dbea0.noarch.rpm 0e0b6d0f9e207aa9058915bd93e8b323eac9d6e201a0c5e27f08ea346484b236
noarch jakarta-commons-httpclient-3.1-28.module_el8.5.0+2577+9e95fe00.noarch.rpm 10bd8b35a7627089633a2b991411dbde04fc44bce205e99a070803b525ac27a8
noarch javassist-3.18.1-8.module_el8.5.0+150+5f0dbea0.noarch.rpm 11b781188a17f0b07d390b6ce48e64925091577135ed6a2c3d0469823013291f
noarch xalan-j2-2.7.1-38.module_el8.5.0+150+5f0dbea0.noarch.rpm 15085c202a11c2802e08b4453b95f2992aa6719c11c734307ecd54bd0cd82eab
noarch glassfish-jaxb-txw2-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm 2848d3bd316ed4f5b46594f90449eabc1abed5974ccfd003173c4d22dbb62589
noarch slf4j-1.7.25-4.module_el8.6.0+2752+f1f3449e.noarch.rpm 292e8ea233b72dd09de80498503fb693f33e3c296ba8a00d7b43a587e6561dbd
noarch velocity-1.7-24.module_el8.5.0+150+5f0dbea0.noarch.rpm 306a57bd339701bc4d3ed57b17b7f9f1d20df9109d22b5d6f91f46caa5668e5d
noarch relaxngDatatype-2011.1-7.module_el8.5.0+2577+9e95fe00.noarch.rpm 33ef1dca728f64a392ffadafb9a0ca9d0b5d6ac4e6482b99206cda2c92c97d12
noarch apache-commons-collections-3.2.2-10.module_el8.5.0+2577+9e95fe00.noarch.rpm 3cfda9d7dd99102c7b29705a732b41950cf92f90078f7555fc253989bc0782a0
noarch javassist-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm 432ef2e90a105aa946ad452af5ad9f13004ac3a8ab7647254cad7a4dbd433554
noarch xml-commons-resolver-1.2-26.module_el8.5.0+2577+9e95fe00.noarch.rpm 4649adc067659e2a6078eb08f1686d9cbc2a8810277009d801b256853d83186b
noarch xerces-j2-2.11.0-34.module_el8.5.0+150+5f0dbea0.noarch.rpm 534a20e408d0dfc6c783782c10a39f8d55a5e6c98cfe056765725d57fd4e0855
noarch xerces-j2-2.11.0-34.module_el8.5.0+2577+9e95fe00.noarch.rpm 553918f29e8ed7083f15f8f6b1630abb1d99dd32197a81f8aa15f6bedb2b30f4
noarch velocity-1.7-24.module_el8.5.0+2577+9e95fe00.noarch.rpm 5a6eee4a0135a0538b924361376c7a22936d4c43dec3defb83eed5b3bb1e2897
noarch xalan-j2-2.7.1-38.module_el8.5.0+2577+9e95fe00.noarch.rpm 5e01e9a7a21bd38e4949ec1366498734538cdb68e247e8d88bdaf0ef50802941
noarch bea-stax-api-1.2.0-16.module_el8.5.0+150+5f0dbea0.noarch.rpm 5ee5b9250a21e4ddf394baec222e5303d6cfdf36a64d15b507653c99db34873d
noarch slf4j-jdk14-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm 5f436c322a1b3aad14621f8b6e6bec715184284b492c3ff60591f0d8bec3ffde
noarch xml-commons-apis-1.4.01-25.module_el8.5.0+150+5f0dbea0.noarch.rpm 6776726a047a53927b34c7b4e89ca4c61ff08afc198c8e333061b3489c3df7b7
noarch bea-stax-api-1.2.0-16.module_el8.5.0+2577+9e95fe00.noarch.rpm 6d944b415c59e5519365c59135ffef18839255c479277d2701d01e0500192256
noarch apache-commons-lang-2.6-21.module_el8.5.0+150+5f0dbea0.noarch.rpm 730da97196a993a845fff47ea2be1ad2fa6a6079731fd51f05595d3e1c287c64
noarch apache-commons-collections-3.2.2-10.module_el8.5.0+150+5f0dbea0.noarch.rpm 7797cf060a401e1aba2edafbba15236996476f4aabf6df1197e65fe79ac6e59d
noarch relaxngDatatype-2011.1-7.module_el8.5.0+150+5f0dbea0.noarch.rpm 7df05c4874a55653215324a52215f0365c7ad8674fa01e42a70dbf05c78a7195
noarch glassfish-jaxb-core-2.2.11-11.module_el8.5.0+150+5f0dbea0.noarch.rpm 85278d928846791316b99f1f9f39695887f07ac248890f036e5af3cbb549c90d
noarch slf4j-jdk14-1.7.25-4.module_el8.5.0+150+5f0dbea0.noarch.rpm 864a517edf37e7c68a6113b9f4ec9306011a57e43f7a955f37170a4e694db4e6
noarch jackson-module-jaxb-annotations-2.7.6-4.module_el8.5.0+150+5f0dbea0.noarch.rpm 86bf35f20f9dd78202249471076ae0ef4b8178fc6a053f20079a332ad6f7c20d
noarch xml-commons-apis-1.4.01-25.module_el8.5.0+2577+9e95fe00.noarch.rpm 8b391528f92eddaaf0a0dc3f634718c438659c3f97dd0d7d7131ce9d8090be64
noarch stax-ex-1.7.7-8.module_el8.5.0+150+5f0dbea0.noarch.rpm 90cf5539e0d4055abf9b0d022c8c10f05ba1068215b360c1085bde6f066f77ac
noarch glassfish-jaxb-runtime-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm 9686df16e5d697e4060189f8f12487883b69cacdf0f54670b6725b396f4c8262
noarch xmlstreambuffer-1.5.4-8.module_el8.5.0+150+5f0dbea0.noarch.rpm a4a2c3ac1e4bb527ca0ada056fc623ddd1c7d5528ccfbc8eea66fd80e7d93cb3
noarch xsom-0-19.20110809svn.module_el8.5.0+150+5f0dbea0.noarch.rpm a6ecf9159851d8c112066952ee806efcf6945141d7ffac8556c49ff4f838a4d0
noarch glassfish-fastinfoset-1.2.13-9.module_el8.5.0+2577+9e95fe00.noarch.rpm b5cab09d52a8dc6754f3b7bc81d80d8dc4478417ca882c36785c2cc6a9253ce3
noarch glassfish-jaxb-runtime-2.2.11-11.module_el8.5.0+150+5f0dbea0.noarch.rpm b6c54a0ba8f80050a0d0f6f15c6e50441218459e65eceaf11965703f78f4d42c
noarch glassfish-jaxb-api-2.2.12-8.module_el8.5.0+2577+9e95fe00.noarch.rpm beb7a887367ef8539a8eb20d5a62e1351577f84cc665b8f955d2cf96b5780024
noarch slf4j-1.7.25-4.module_el8.5.0+2577+9e95fe00.noarch.rpm c109b72a68915ed0cf53730c115d81ce088f19ac2582206dff3642c5076b3f17
noarch apache-commons-lang-2.6-21.module_el8.5.0+2577+9e95fe00.noarch.rpm c1cbb22cc5abd53350cd3fd27187e0c988d3872f91ec160039b3ad02565d2b50
noarch xml-commons-resolver-1.2-26.module_el8.5.0+150+5f0dbea0.noarch.rpm ca4eca1d74c226ffc0a680bc5b32b0f00b1d7daae7f19582aeed0e76d0e20225
noarch javassist-javadoc-3.18.1-8.module_el8.5.0+2577+9e95fe00.noarch.rpm d07761752107a818daea7ef556c2681fd35efa739687f7942f851ffc835dedb1
noarch xsom-0-19.20110809svn.module_el8.5.0+2577+9e95fe00.noarch.rpm d373cee4cbd659168ea847d6d2d6429859b6d8c9c41877d6d25a93b30cc2362a
noarch jakarta-commons-httpclient-3.1-28.module_el8.5.0+150+5f0dbea0.noarch.rpm d3f4e54527cdd71bea9b76f2c81c731c4d8a427d45e206e04cfaf967ae9a9fa9
noarch glassfish-jaxb-api-2.2.12-8.module_el8.5.0+150+5f0dbea0.noarch.rpm dc1c3935eb23eabee759ca26ee60b02f498ca9083d0e24fc3fd0f767dcbf3e8b
noarch stax-ex-1.7.7-8.module_el8.5.0+2577+9e95fe00.noarch.rpm df93c43fcc001714d329e6035685b00548226c69384543a54f57a08a53a4fdd2
noarch glassfish-jaxb-txw2-2.2.11-11.module_el8.5.0+150+5f0dbea0.noarch.rpm ed5a8960c76c164c119a7e2e62c005a6b672d249b5affa85c25f62bd3db8b63d
noarch javassist-javadoc-3.18.1-8.module_el8.5.0+150+5f0dbea0.noarch.rpm ef482473fca00f95cfe02e1057056e98e87908cb07aed0e28d505b5cd99b91c7
noarch glassfish-jaxb-core-2.2.11-11.module_el8.5.0+2577+9e95fe00.noarch.rpm f3a8585e28b69dd773b7d7ab4f83781e36e963bb23aeb03ffcbdb34b1e1cd9bb
noarch jackson-module-jaxb-annotations-2.7.6-4.module_el8.5.0+2577+9e95fe00.noarch.rpm fb515d40cac152aad1609b30a1c9d0055f7c1bb842273f558573965a13fed76d
ppc64le python-nss-doc-1.0.1-10.module_el8.5.0+150+5f0dbea0.alma.ppc64le.rpm 03edf785b6a7fde48ad82738b7b919a2682d2ab600a3cf32da8c2d32ee514d88
ppc64le python3-nss-1.0.1-10.module_el8.5.0+150+5f0dbea0.alma.ppc64le.rpm 2d52840b92786dc299c9aab9593858a469f292ddce0f558c0b1f752cf1f1bf3f
x86_64 python3-nss-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.x86_64.rpm c715d300c489d952c2abd192c47eb696c0ed6b286bb55883fecbf1d07f96a412
x86_64 python-nss-doc-1.0.1-10.module_el8.5.0+2577+9e95fe00.alma.x86_64.rpm f77a753add8d4d4cc9e8393982a0c220fd0ea5b7b2247e5f2c1399f723202eb0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.