Exploit the possiblities

Red Hat Security Advisory 2017-2560-01

Red Hat Security Advisory 2017-2560-01
Posted Aug 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2560-01 - Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure deployments. Security Fix: An input validation error was found in Red Hat Certificate System's handling of client provided certificates. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-7509
MD5 | b816d0caa11fd2b02380353cae9bf22a

Red Hat Security Advisory 2017-2560-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Certificate System 8 security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2560-01
Product: Red Hat Certificate System
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2560
Issue date: 2017-08-30
CVE Names: CVE-2017-7509
=====================================================================

1. Summary:

An update is now available for Red Hat Certificate System 8 with Advanced
Access.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Certificate System 8 Advanced Access - i386, noarch, x86_64

3. Description:

Red Hat Certificate System is a complete implementation of an enterprise
software system designed to manage enterprise public key infrastructure
(PKI) deployments.

Security Fix(es):

* An input validation error was found in Red Hat Certificate System's
handling of client provided certificates. If the certreq field is not
present in a certificate an assertion error is triggered causing a denial
of service. (CVE-2017-7509)

Bug Fix(es):

* Previously, the Token Management System (TMS) required that certificates
that were on hold must first become valid before they can be revoked. This
update removes that limitation, and it is now possible to directly revoke
currently on hold certificates. (BZ#1262000)

* With this update, Red Hat Certificate System instances can be installed
using existing CA signing certificate/keys. This existing CA can be a
functional CA from a different vendor, or keys or CSR generated to be
signed by an external CA for the purpose of chaining it to a publicly
recognized CA.

Note that this feature is only supported when installing with the
"pkisilent" tool, not when using the graphical user interface.
Additionally, since the CSR is generated externally prior to configuration
of the CA instance and is not stored in the NSS security databases, it
should be understood that the CSR value attached to the
"ca.signing.certreq" variable stored inside the
"/var/lib/pki-ca/conf/CS.cfg" file is a reconstruction of the CSR created
during configuration, and not the original CSR utilized to obtain the
existing CA certificate. (BZ#1280391)

* Previously, a bug in CRLDistributionPointsExtension caused some
certificate profiles to encounter problems when being viewed in the
Certificate Manager graphical interface. This bug is now fixed, and
aforementioned profile can now be viewed normally. (BZ#1282589)

* Previously, if access to a component such as an HSM or an LDAP server was
lost during Certificate Revocation List (CRL) generation, the CA could
become stuck in a loop that generated large amounts of log entries until
the problem was resolved. To avoid these scenarios, two new configuration
parameters are being introduced in this patch to allow the CA to slow down.
(BZ#1290650)

* A patch has been applied to the Token Processing System (TPS) to ensure
that the "symmetricKeys.requiredVersion" option is being handled correctly
in all cases. (BZ#1302103)

* A patch has been applied to the Certificate System Token Processing
System (TPS) to fix a bug where existing objects were not always cleared
when enrolling over an active token. (BZ#1302116)

* This update fixes a bug where the Token Processing System (TPS) could not
correctly execute re-enrollment operations (taking a currently enrolled
token and enrolling it again with new certificates) on some G&D smart
cards. (BZ#1320283)

* The Token Processing System (TPS) could previously leave old data in a
token's Coolkey applet when re-enrolling the token with new certificates
and keys. This bug is now fixed, and only data associated with certificates
which are actually on the token is preserved after a successful
re-enrollment. (BZ#1327653)

* Previously, a problem when setting the final life cycle state of a token
at the end of a re-enrollment operation could cause it to fail to report
that it is properly enrolled. This bug is now fixed, and re-enrolled token
now report their "enrolled" status accurately. (BZ#1382376)

* Prior to this update, ECDSA certificates were issued with a NULL value in
the "parameter" field. These certificates were not compliant with the RFC
5758 specification which mandates this field to be omitted completely. This
bug has been fixed, and ECDSA certificates are now issued without the
"parameter" field. (BZ#1454414)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1456030 - CVE-2017-7509 certificate system 8: Enrolling certificate without certreq field causes CA to crash

6. Package List:

Red Hat Certificate System 8 Advanced Access:

Source:
pki-ca-8.1.9-2.el5pki.src.rpm
pki-common-8.1.20-1.el5pki.src.rpm
pki-kra-8.1.7-2.el5pki.src.rpm
pki-silent-8.1.2-3.el5pki.src.rpm
pki-tps-8.1.30-1.el5pki.src.rpm
pki-util-8.1.3-2.el5pki.src.rpm
redhat-pki-ca-ui-8.1.1-2.el5pki.src.rpm

i386:
pki-tps-8.1.30-1.el5pki.i386.rpm

noarch:
pki-ca-8.1.9-2.el5pki.noarch.rpm
pki-common-8.1.20-1.el5pki.noarch.rpm
pki-common-javadoc-8.1.20-1.el5pki.noarch.rpm
pki-kra-8.1.7-2.el5pki.noarch.rpm
pki-silent-8.1.2-3.el5pki.noarch.rpm
pki-util-8.1.3-2.el5pki.noarch.rpm
pki-util-javadoc-8.1.3-2.el5pki.noarch.rpm
redhat-pki-ca-ui-8.1.1-2.el5pki.noarch.rpm

x86_64:
pki-tps-8.1.30-1.el5pki.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7509
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZpuLlXlSAg2UNWIIRAohyAJ9cawxlq/ugAAaLpjAuLm5wwlXoGwCfd6NE
gVwE0sK17zQnQpBRbDbi6JE=
=Qgri
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    11 Files
  • 21
    Feb 21st
    3 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close