pki-core:10.6 security, bug fix, and enhancement update

エラータID: AXSA:2021-2287:01

Release date: 
Wednesday, August 4, 2021 - 12:06
Subject: 
pki-core:10.6 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The Public Key Infrastructure (PKI) Core contains fundamental packages required by MIRACLE LINUX Certificate System.

Security Fix(es):

* resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2020-1695
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Modularity name: pki-core
Stream name: 10.6

Solution: 

Update packages.

CVEs: 
CVE-2020-1695
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
Additional Info: 

N/A

Download: 

SRPMS
  1. jss-4.8.1-2.module+el8+1267+663a60c8.src.rpm
    MD5: f721c679146581bb542a060dacfa7263
    SHA-256: a1db3a289ce3606b4d325c19689726f6e5bba0fd213580c03237d87558e40e87
    Size: 0.97 MB
  2. ldapjdk-4.22.0-1.module+el8+1267+663a60c8.src.rpm
    MD5: 61280d298a809725d66836ed6112e00b
    SHA-256: 1c3c40b02eba290719b41ffab76526f478eb776bddcdc803e6663be554d3eb25
    Size: 2.83 MB
  3. pki-core-10.10.5-2.module+el8+1267+663a60c8.src.rpm
    MD5: f7b089ad6144cf2098ab5ade56ce0039
    SHA-256: ec9020c54a09fe598a7c9c16204a81dbf5c2ef03fe48401f92071ea32ad2e369
    Size: 10.74 MB
  4. tomcatjss-7.6.1-1.module+el8+1267+663a60c8.src.rpm
    MD5: a12c14d0d630ff38f4e6f2ab0309ca9d
    SHA-256: 51a077f5fefef13ade32c27edfe215a3b57111ca60dff7f2bc81bcfce7823641
    Size: 38.07 kB

Asianux Server 8 for x86_64
  1. jss-4.8.1-2.module+el8+1267+663a60c8.x86_64.rpm
    MD5: de0fdc6c4425b141991aad8e0e4ba9bc
    SHA-256: 1a052d28dae73ae14cd0b012a9c16816b5d032837fdf26fa47a751a789855c08
    Size: 1.18 MB
  2. jss-debugsource-4.8.1-2.module+el8+1267+663a60c8.x86_64.rpm
    MD5: 7469738cc4be02cc0fa2208e578411f1
    SHA-256: 4d24426332c9142c4f0e38e6b128db3184b9ba3a2b185c6b48bb85b62e209725
    Size: 141.41 kB
  3. jss-javadoc-4.8.1-2.module+el8+1267+663a60c8.x86_64.rpm
    MD5: b755aa1e7dba2f1c5b20d27c877c7b67
    SHA-256: a279422f2e48b7aba77203ba73bd1230d82b5a4ecf9bce51d3c7a965cdca3b33
    Size: 0.99 MB
  4. ldapjdk-4.22.0-1.module+el8+1267+663a60c8.noarch.rpm
    MD5: 059b7f6b31fb6fc3b7c11f6bfe6c84da
    SHA-256: 90fc2d714910a9069bbc9f5188170379cca191a89c8c3683266a78786f76f444
    Size: 321.64 kB
  5. ldapjdk-javadoc-4.22.0-1.module+el8+1267+663a60c8.noarch.rpm
    MD5: 717de6d1a5b3c5685ed1fc93d3b8c4e6
    SHA-256: 15d8e58afbd87c3b21f1ba358a4466cee8bf1851431dcef4db840ddc83ec0f77
    Size: 48.79 kB
  6. pki-acme-10.10.5-2.module+el8+1267+663a60c8.noarch.rpm
    MD5: a800d02fcd1be7e0523fa3a7582f3ac2
    SHA-256: 8f6c6894077cd436d8745ce6fda63aab07499cf3341fab153b54cea3b4094b97
    Size: 0.98 MB
  7. pki-base-10.10.5-2.module+el8+1267+663a60c8.noarch.rpm
    MD5: dcded20bcd18c4828d1c1f071ba8db68
    SHA-256: 10db7296ceb1a4f60c3368be6084486814ed23efd084add41746b42c73f04559
    Size: 293.89 kB
  8. pki-base-java-10.10.5-2.module+el8+1267+663a60c8.noarch.rpm
    MD5: 7fbebd3b853cc204330dbb6051300ee2
    SHA-256: d5451cdda0fab036d738afebb8055951c2f11732a56473de1423d3959d0a8cab
    Size: 668.70 kB
  9. pki-ca-10.10.5-2.module+el8+1267+663a60c8.noarch.rpm
    MD5: 96a5a3e7fc91340b6722b22fce1f6773
    SHA-256: 6a480ca40ff8a2a4787245b7326875d19eb124ff29053e209febe768da673f2b
    Size: 1.03 MB
  10. pki-core-debugsource-10.10.5-2.module+el8+1267+663a60c8.x86_64.rpm
    MD5: 35794dfd928db54ee608b024927f18b9
    SHA-256: 8b1e51cb82352106498e046a7cf86805c056e3dc58d0f563a5afee7b3e66d3e7
    Size: 138.81 kB
  11. pki-kra-10.10.5-2.module+el8+1267+663a60c8.noarch.rpm
    MD5: 625c0a4d5bf3711bd08499e33fb0c6e3
    SHA-256: 596f492227412676c68591f85de453a5e449642dfef10b93750f4e7a73cd4abf
    Size: 202.05 kB
  12. pki-server-10.10.5-2.module+el8+1267+663a60c8.noarch.rpm
    MD5: 1f78b9a8cbf5dd909efa46c07f974c52
    SHA-256: 28e531bdee6406d96c309ceb8bac6a7fd9e9fb9ef9d270c045b9568d3e69c9cd
    Size: 2.96 MB
  13. pki-symkey-10.10.5-2.module+el8+1267+663a60c8.x86_64.rpm
    MD5: d014ea7e4bfd28d6a7cd9c398a15b291
    SHA-256: 856268a2b143506955342cbd92e6e8236fbffbb9b395ca5809db8b4401665681
    Size: 55.28 kB
  14. pki-tools-10.10.5-2.module+el8+1267+663a60c8.x86_64.rpm
    MD5: 9a9847b8a49b45d9c65d414ed412b5ad
    SHA-256: 9cb2dfb6701513db6b52c0f6b787c8cf8ac49a7a98c7377cb6dccd180daa3b6f
    Size: 744.39 kB
  15. python3-pki-10.10.5-2.module+el8+1267+663a60c8.noarch.rpm
    MD5: a1e6c40a3c10cee747284c8ac185af9f
    SHA-256: 5e267b644fb28e5152ca890d4c56f0bb0e38c7197804482cbf9d1e294a0006aa
    Size: 163.74 kB
  16. tomcatjss-7.6.1-1.module+el8+1267+663a60c8.noarch.rpm
    MD5: 0eaf38f911816f2fc5517f3c2eb9b434
    SHA-256: ae68724dec95370164e9c9c022fe461863e0f1109da4cc8f77bbbdee2a0395b8
    Size: 37.84 kB