pki-core:10.6 security, bug fix, and enhancement update

エラータID: AXSA:2021-1597:01

Release date: 
Friday, March 19, 2021 - 10:09
Subject: 
pki-core:10.6 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The Public Key Infrastructure (PKI) Core contains fundamental packages required
by Asianux Certificate System.

Security Fix(es):

* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
(CVE-2018-14040)

* bootstrap: Cross-site Scripting (XSS) in the data-container property of
tooltip (CVE-2018-14042)

* bootstrap: XSS in the tooltip or popover data-template attribute
(CVE-2019-8331)

* jquery: Prototype pollution in object's prototype leading to denial of
service, remote code execution, or property injection (CVE-2019-11358)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
(CVE-2020-11022)

* jquery: Passing HTML containing elements to manipulation methods could
result in untrusted code execution (CVE-2020-11023)

* pki: Dogtag's python client does not validate certificates (CVE-2020-15720)

* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page
(CVE-2019-10146)

* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM
agent page in authorize recovery tab (CVE-2019-10179)

* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

* pki-core: KRA vulnerable to reflected XSS via the getPk12 page
(CVE-2020-1721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a
cross-domain Ajax request is performed without the dataType option, causing
text/javascript responses to be executed.
CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible
in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent
attribute.
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of
tooltip.
CVE-2019-10146
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions
module from the pki-core server due to the CA Agent Service not properly
sanitizing the certificate request page. An attacker could inject a specially
crafted value that will be executed on the victim's browser.
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key
Recovery Authority (KRA) Agent Service did not properly sanitize recovery
request search page, enabling a Reflected Cross Site Scripting (XSS)
vulnerability. An attacker could trick an authenticated victim into executing
specially crafted Javascript code.
CVE-2019-10221
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x
versions, where the pki-ca module from the pki-core server. This flaw is caused
by missing sanitization of the GET URL parameters. An attacker could abuse this
flaw to trick an authenticated user into clicking a specially crafted link which
can execute arbitrary code when viewed in a browser.
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products,
mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution.
If an unsanitized source object contained an enumerable __proto__ property, it
could extend the native Object.prototype.
CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip
or popover data-template attribute.
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML
from untrusted sources - even after sanitizing it - to one of jQuery's DOM
manipulation methods (i.e. .html(), .append(), and others) may execute untrusted
code. This problem is patched in jQuery 3.5.0.
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML
containing elements from untrusted sources - even after sanitizing it -
to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and
others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable
python-requests certificate validation. Since the verify parameter was
hard-coded in all request functions, it was not possible to override the
setting. As a result, tools making use of this class, such as the pki-server
command, may have been vulnerable to Person-in-the-Middle attacks in certain
non-localhost use cases. This is fixed in 10.9.0-b1.
CVE-2020-1721
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

Modularity name: pki-core
Stream name: 10.6

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. jss-4.7.3-1.0.1.module+el8+1224+abd63044.src.rpm
    MD5: 1217fac186b0d202979a7614ccd6b3dd
    SHA-256: a3401f73bb8a9e1b5bb1454832d964283d470aa974cfbb2ad4444724f4a0a77c
    Size: 0.96 MB
  2. ldapjdk-4.22.0-1.module+el8+1224+abd63044.src.rpm
    MD5: 8299e67496b3080dae416fe450eceec8
    SHA-256: 5f4d66e32b7131d763f15c38a1eb35653a3d16bf0d80c3fb041a073ae48b65ca
    Size: 2.83 MB
  3. pki-core-10.9.4-1.module+el8+1224+abd63044.src.rpm
    MD5: 5e1b955402b05a14031caa40de0c6780
    SHA-256: 2d9d1946fb852d00a7ee4c822780074893a312e8bd46f53dd678fd90d1ccbe7d
    Size: 9.75 MB
  4. tomcatjss-7.5.0-1.module+el8+1224+abd63044.src.rpm
    MD5: 0924b971ffdfc53b6f43108e11470e09
    SHA-256: 973254a4e4b4d0f59dff8bac206a9a72ccc109270975a003d895e17fbc96a40d
    Size: 48.67 kB

Asianux Server 8 for x86_64
  1. jss-4.7.3-1.0.1.module+el8+1224+abd63044.x86_64.rpm
    MD5: 6b6d297a7148117903e6490b6bc0453d
    SHA-256: f5f030b1b6c4f73187a23fee2c9f882575936678d5ccfc1c1754b2226f9c4565
    Size: 1.17 MB
  2. jss-debugsource-4.7.3-1.0.1.module+el8+1224+abd63044.x86_64.rpm
    MD5: 30aae239adf09bd554023942f12bbe3a
    SHA-256: 2af79ba3ff76a3beef491e04aa14bac4b1dc08dcf1ebee66c2532ce7c3f98a63
    Size: 139.51 kB
  3. jss-javadoc-4.7.3-1.0.1.module+el8+1224+abd63044.x86_64.rpm
    MD5: 213e7bbd40dc069b10ca4039562ff7e3
    SHA-256: c2026a070a84623578da96a33a7722dc2374b5f93668581c12628c647e0de9ce
    Size: 0.99 MB
  4. ldapjdk-4.22.0-1.module+el8+1224+abd63044.noarch.rpm
    MD5: 293b5de4cd7e6e097ebbb42a51347756
    SHA-256: 36c4652f325cf9fc42e7cf6d1a910fd917d4e41ec39c88d5688b63c8c7582c00
    Size: 321.62 kB
  5. ldapjdk-javadoc-4.22.0-1.module+el8+1224+abd63044.noarch.rpm
    MD5: 067e0cdabfd4143d1fed9d3b229299e3
    SHA-256: 2341f44be8d41e990d03ac898a0cfd427c3fbfce25d4e4eb1d0ad6d049ddd209
    Size: 48.78 kB
  6. pki-base-10.9.4-1.module+el8+1224+abd63044.noarch.rpm
    MD5: c09acef253098aa9032e01514d300f7c
    SHA-256: c991f6195af79eb00d89d5ab7fd4d50494eeb35d4579061dd5d5c5367d56380c
    Size: 292.23 kB
  7. pki-base-java-10.9.4-1.module+el8+1224+abd63044.noarch.rpm
    MD5: adf38f8b2f1bdf400fffc809b993d060
    SHA-256: 5d68ce01621e899f9f97600a3590def536440c8ed09f3991e0407244bbe9afa2
    Size: 696.74 kB
  8. pki-ca-10.9.4-1.module+el8+1224+abd63044.noarch.rpm
    MD5: 28deafef9724b09d323d28fe69794bf3
    SHA-256: 3572ad92c21bd9b26eea1cfd89dab0651a616fa87823c21ee78a049f32eefcb1
    Size: 574.01 kB
  9. pki-core-debugsource-10.9.4-1.module+el8+1224+abd63044.x86_64.rpm
    MD5: 3e2a568eb457468d2a258a286c571838
    SHA-256: 383c93c6b9deef142eb5f59bc20030e9596a234badb13e3d2c63560078f56f17
    Size: 361.43 kB
  10. pki-kra-10.9.4-1.module+el8+1224+abd63044.noarch.rpm
    MD5: de9f59b52df30f922b977145011f0cbb
    SHA-256: 8c4fb7ef9a2c09061a518830b59044628c8d816bdb0433a0928f45fc0c1f0dd7
    Size: 199.07 kB
  11. pki-server-10.9.4-1.module+el8+1224+abd63044.noarch.rpm
    MD5: 678f5ab23a40890cc0633f5d60bd2f10
    SHA-256: 37f6646761041ec62fe3d474a747685df3566f4d7ac9428eb93339ff16001785
    Size: 3.46 MB
  12. pki-symkey-10.9.4-1.module+el8+1224+abd63044.x86_64.rpm
    MD5: 6d17be4faceb3bd97f2c4546cde4b5dc
    SHA-256: a8466dc3f3a00cc7036d037c582e9a0e32c4815ba19a7e1b392a042eaef49076
    Size: 53.12 kB
  13. pki-tools-10.9.4-1.module+el8+1224+abd63044.x86_64.rpm
    MD5: 605f2505ea159d77ed47d43d9cc56a6e
    SHA-256: da37d21a5236f8fdfee2413391d266456aade02105af81af5dad43587d8384bf
    Size: 731.51 kB
  14. python3-pki-10.9.4-1.module+el8+1224+abd63044.noarch.rpm
    MD5: f10e899e3af9339bc0e47f795d000f1c
    SHA-256: bb48b781ab69a784c27396b13fca00cee7953c45d884a8d210b8066411b47536
    Size: 161.78 kB
  15. tomcatjss-7.5.0-1.module+el8+1224+abd63044.noarch.rpm
    MD5: c54f50a5a17e5ffdcf3d57b93d80f172
    SHA-256: 7359d5c707ba90ae5e0681072d88598870a41bf68df5c944ce43e690f482cd07
    Size: 41.86 kB