ALSA-2020:4847

[ALSA-2020:4847] Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2020-11-03

Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.

Security Fix(es):

* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

* jquery: Passing HTML containing  elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

* pki: Dogtag's python client does not validate certificates (CVE-2020-15720)

* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)

* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)

* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages:

apache-commons-collections-3.2.2-10.module_el8.3.0+2058+6bf11631.noarch.rpm
apache-commons-lang-2.6-21.module_el8.3.0+2058+6bf11631.noarch.rpm
apache-commons-net-3.6-3.module_el8.3.0+2058+6bf11631.noarch.rpm
bea-stax-api-1.2.0-16.module_el8.3.0+2058+6bf11631.noarch.rpm
glassfish-fastinfoset-1.2.13-9.module_el8.3.0+2058+6bf11631.noarch.rpm
glassfish-jaxb-api-2.2.12-8.module_el8.3.0+2058+6bf11631.noarch.rpm
glassfish-jaxb-core-2.2.11-11.module_el8.3.0+2058+6bf11631.noarch.rpm
glassfish-jaxb-runtime-2.2.11-11.module_el8.3.0+2058+6bf11631.noarch.rpm
glassfish-jaxb-txw2-2.2.11-11.module_el8.3.0+2058+6bf11631.noarch.rpm
jackson-annotations-2.10.0-1.module_el8.3.0+2058+6bf11631.noarch.rpm
jackson-core-2.10.0-1.module_el8.3.0+2058+6bf11631.noarch.rpm
jackson-databind-2.10.0-1.module_el8.3.0+2058+6bf11631.noarch.rpm
jackson-jaxrs-json-provider-2.9.9-1.module_el8.3.0+2058+6bf11631.noarch.rpm
jackson-jaxrs-providers-2.9.9-1.module_el8.3.0+2058+6bf11631.noarch.rpm
jackson-module-jaxb-annotations-2.7.6-4.module_el8.3.0+2058+6bf11631.noarch.rpm
jakarta-commons-httpclient-3.1-28.module_el8.3.0+2058+6bf11631.noarch.rpm
javassist-3.18.1-8.module_el8.3.0+2058+6bf11631.noarch.rpm
javassist-javadoc-3.18.1-8.module_el8.3.0+2058+6bf11631.noarch.rpm
pki-servlet-4.0-api-9.0.30-1.module_el8.3.0+2058+6bf11631.noarch.rpm
pki-servlet-engine-9.0.30-1.module_el8.3.0+2058+6bf11631.noarch.rpm
python-nss-doc-1.0.1-10.module_el8.3.0+2058+6bf11631.x86_64.rpm
python3-nss-1.0.1-10.module_el8.3.0+2058+6bf11631.x86_64.rpm
relaxngDatatype-2011.1-7.module_el8.3.0+2058+6bf11631.noarch.rpm
resteasy-3.0.26-3.module_el8.3.0+2058+6bf11631.noarch.rpm
slf4j-1.7.25-4.module_el8.3.0+2058+6bf11631.noarch.rpm
slf4j-jdk14-1.7.25-4.module_el8.3.0+2058+6bf11631.noarch.rpm
stax-ex-1.7.7-8.module_el8.3.0+2058+6bf11631.noarch.rpm
velocity-1.7-24.module_el8.3.0+2058+6bf11631.noarch.rpm
xalan-j2-2.7.1-38.module_el8.3.0+2058+6bf11631.noarch.rpm
xerces-j2-2.11.0-34.module_el8.3.0+2058+6bf11631.noarch.rpm
xml-commons-apis-1.4.01-25.module_el8.3.0+2058+6bf11631.noarch.rpm
xml-commons-resolver-1.2-26.module_el8.3.0+2058+6bf11631.noarch.rpm
xmlstreambuffer-1.5.4-8.module_el8.3.0+2058+6bf11631.noarch.rpm
xsom-0-19.20110809svn.module_el8.3.0+2058+6bf11631.noarch.rpm

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.