pki-core-10.5.1-13.1.el7
エラータID: AXSA:2018-3231:02
リリース日:
2018/06/29 Friday - 16:06
題名:
pki-core-10.5.1-13.1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Dogtag PKI には,ある設定において AAclAuthz.java に問題が
あり,ACL のアプリケーションが allow,deny ルールを逆にしてし
まい,このことにより,権限昇格や,意図しない結果を引き起こす可能性
のある脆弱性があります。(CVE-2018-1080)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-1080
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.
追加情報:
N/A
ダウンロード:
SRPMS
- pki-core-10.5.1-13.1.el7.src.rpm
MD5: df803cf57dbceb77380bddc9951b1cf3
SHA-256: 3ab23a382ce8bb4e3ea66eb73d8385db98db9263c8b8ed293408b8a4790eb8a7
Size: 4.59 MB
Asianux Server 7 for x86_64
- pki-base-10.5.1-13.1.el7.noarch.rpm
MD5: a420d9e0fbe9158a55977602aae47d60
SHA-256: 156e8f36fc92a15a6abe705f64d8ec32ebb207d7814fc2ef732f62871f02bf15
Size: 399.55 kB - pki-base-java-10.5.1-13.1.el7.noarch.rpm
MD5: f23a68213a59dee48fa41e686742aa79
SHA-256: 90180ee21fdc89ec3bafa560e0ad92ff6b806b7ff5d11f1d139fbc2363fdcf82
Size: 1.17 MB - pki-ca-10.5.1-13.1.el7.noarch.rpm
MD5: f69a770bfb6039fdc0c3a3dabfb1155c
SHA-256: d3ad33c30b6ba7ece8259a0e5a851a9633987cdad609836aa40098cee1c749c1
Size: 464.25 kB - pki-kra-10.5.1-13.1.el7.noarch.rpm
MD5: 858002361ec6b40c167720cdd92ffc07
SHA-256: a6839f69bcf6cf39b1267e251c8d50d49cfd3b8de867c5c2524a0228e338155c
Size: 285.21 kB - pki-server-10.5.1-13.1.el7.noarch.rpm
MD5: c60d196203e4a1e6e1b1e19c90d0e825
SHA-256: 30cdd26b17b97a985d3ffae7ec68bd81d6aae03dd06b12b101c09b2a99308dda
Size: 2.84 MB - pki-symkey-10.5.1-13.1.el7.x86_64.rpm
MD5: 13c693a6c9ed3df0174de0600f02dde2
SHA-256: be2c0aed3f4723c0066ecf59fa587de4bb1984e3672d5444cc902c928273a4bf
Size: 144.71 kB - pki-tools-10.5.1-13.1.el7.x86_64.rpm
MD5: 85827f7da5c79892b0ed017b831410f1
SHA-256: a2654c88bbac46267f62a7f70440e53d8a000dd9ee2da0d8301c8bf4edaae3c9
Size: 716.18 kB