pki-core:10.6 security update

Errata ID: AXSA:2021-2369:01

Release date: 
Tuesday, August 17, 2021 - 09:06
Subject: 
pki-core:10.6 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Asianux Certificate System.

Security Fix(es):

* pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file (CVE-2021-3551)

The PKI installer "pkispawn" logs admin credentials into a
world-readable log file. It also looks like the installer is passing the
password as an insecure command line argument. The credentials are the
389-DS LDAP server's Directory Manager credentials. The Directory
Manager is 389-DS's equivalent of an unrestricted root account. This user
bypasses permission checks and has full access to data. In an IdM /
FreeIPA installation the DM user is able to read and manipulate the
Kerberos KDC master password, Kerberos keytabs, hashed user passwords,
and more. Any and all IdM and FreeIPA installations with PKI 10.10 should
be considered compromised.
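
An added example (not part of the advisory or of the PKI project's code): a Python audit that walks a log directory, finds files containing secret-like lines and records whether each one is world-readable. The key-name pattern and the sample file names and contents are constructed assumptions; point `audit_log_dir` at the installer's actual log directory, which this advisory does not name.

```python
import os
import re
import stat
import tempfile

# Assumption: key names that may precede a secret in an installer log. The
# advisory does not show the log line format, so this pattern is illustrative.
SECRET_RE = re.compile(r"(?i)\b(\w*(?:password|passwd|secret)\w*)\s*[=:]\s*\S+")

def audit_log_dir(log_dir):
    """Report regular files under log_dir that contain secret-like lines."""
    findings = []
    for root, _dirs, files in os.walk(log_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # do not follow symlinks or open special files
            hits = []
            with open(path, "r", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    match = SECRET_RE.search(line)
                    if match:
                        # Keep the key name only; never copy the secret itself.
                        hits.append((lineno, match.group(1)))
            if hits:
                findings.append({"file": name, "hits": hits,
                                 "mode": oct(stat.S_IMODE(st.st_mode)),
                                 "world_readable": bool(st.st_mode & stat.S_IROTH)})
    return findings

def demo():
    """Run the audit over constructed sample logs in a temporary directory."""
    samples = {  # constructed file names, contents and modes
        "spawn-example.log": ("INFO: begin\nDEBUG: bind_password = ExampleOnly1\n", 0o644),
        "restricted.log": ("DEBUG: admin_password: ExampleOnly2\n", 0o600),
        "clean.log": ("INFO: nothing sensitive here\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, (text, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit_log_dir(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Tightening the mode of a flagged file stops further reads but does not undo the exposure; any credential that appeared in a world-readable log still needs rotating.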

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3551
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Modularity name: pki-core
Stream name: 10.6

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. jss-4.8.1-2.module+el8+1299+6111f324.src.rpm
    Size: 0.97 MB
  2. ldapjdk-4.22.0-1.module+el8+1299+6111f324.src.rpm
    Size: 2.83 MB
  3. pki-core-10.10.5-3.module+el8+1299+6111f324.src.rpm
    Size: 10.74 MB
  4. tomcatjss-7.6.1-1.module+el8+1299+6111f324.src.rpm
    Size: 38.07 kB

Asianux Server 8 for x86_64
  1. jss-4.8.1-2.module+el8+1299+6111f324.x86_64.rpm
    Size: 1.18 MB
  2. jss-debugsource-4.8.1-2.module+el8+1299+6111f324.x86_64.rpm
    Size: 141.41 kB
  3. jss-javadoc-4.8.1-2.module+el8+1299+6111f324.x86_64.rpm
    Size: 0.99 MB
  4. ldapjdk-4.22.0-1.module+el8+1299+6111f324.noarch.rpm
    Size: 321.65 kB
  5. ldapjdk-javadoc-4.22.0-1.module+el8+1299+6111f324.noarch.rpm
    Size: 48.79 kB
  6. pki-acme-10.10.5-3.module+el8+1299+6111f324.noarch.rpm
    Size: 0.98 MB
  7. pki-base-10.10.5-3.module+el8+1299+6111f324.noarch.rpm
    Size: 294.03 kB
  8. pki-base-java-10.10.5-3.module+el8+1299+6111f324.noarch.rpm
    Size: 668.89 kB
  9. pki-ca-10.10.5-3.module+el8+1299+6111f324.noarch.rpm
    Size: 1.03 MB
  10. pki-core-debugsource-10.10.5-3.module+el8+1299+6111f324.x86_64.rpm
    Size: 138.94 kB
  11. pki-kra-10.10.5-3.module+el8+1299+6111f324.noarch.rpm
    Size: 202.19 kB
  12. pki-server-10.10.5-3.module+el8+1299+6111f324.noarch.rpm
    Size: 2.96 MB
  13. pki-symkey-10.10.5-3.module+el8+1299+6111f324.x86_64.rpm
    Size: 55.39 kB
  14. pki-tools-10.10.5-3.module+el8+1299+6111f324.x86_64.rpm
    Size: 744.47 kB
  15. python3-pki-10.10.5-3.module+el8+1299+6111f324.noarch.rpm
    Size: 163.89 kB
  16. tomcatjss-7.6.1-1.module+el8+1299+6111f324.noarch.rpm
    Size: 37.84 kB