Red Hat Security Advisory 2021-0966-01

Red Hat Security Advisory 2021-0966-01: Posted Mar 23, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-0966-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-20179; SHA-256 | 04695542ff2db2454580674ed2e327d1db584021c386f9603096d770e07002c6; Download | Favorite | View

Red Hat Security Advisory 2021-0966-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update
Advisory ID:       RHSA-2021:0966-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0966
Issue date:        2021-03-23
CVE Names:         CVE-2021-20179 
=====================================================================

1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1914379 - CVE-2021-20179 pki-core: Unprivileged users can renew any certificate
1933146 - PKI instance creation failed with new 389-ds-base build [rhel-8.3.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.src.rpm
ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.src.rpm
pki-core-10.9.4-3.module+el8.3.0+10353+73f6df5b.src.rpm
tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.src.rpm

aarch64:
jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm
jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm
jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm
jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm
pki-core-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.aarch64.rpm
pki-core-debugsource-10.9.4-3.module+el8.3.0+10353+73f6df5b.aarch64.rpm
pki-symkey-10.9.4-3.module+el8.3.0+10353+73f6df5b.aarch64.rpm
pki-symkey-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.aarch64.rpm
pki-tools-10.9.4-3.module+el8.3.0+10353+73f6df5b.aarch64.rpm
pki-tools-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.aarch64.rpm

noarch:
ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm
ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm
pki-base-10.9.4-3.module+el8.3.0+10353+73f6df5b.noarch.rpm
pki-base-java-10.9.4-3.module+el8.3.0+10353+73f6df5b.noarch.rpm
pki-ca-10.9.4-3.module+el8.3.0+10353+73f6df5b.noarch.rpm
pki-kra-10.9.4-3.module+el8.3.0+10353+73f6df5b.noarch.rpm
pki-server-10.9.4-3.module+el8.3.0+10353+73f6df5b.noarch.rpm
python3-pki-10.9.4-3.module+el8.3.0+10353+73f6df5b.noarch.rpm
tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch.rpm

ppc64le:
jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm
jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm
jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm
jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm
pki-core-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.ppc64le.rpm
pki-core-debugsource-10.9.4-3.module+el8.3.0+10353+73f6df5b.ppc64le.rpm
pki-symkey-10.9.4-3.module+el8.3.0+10353+73f6df5b.ppc64le.rpm
pki-symkey-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.ppc64le.rpm
pki-tools-10.9.4-3.module+el8.3.0+10353+73f6df5b.ppc64le.rpm
pki-tools-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.ppc64le.rpm

s390x:
jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm
jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm
jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm
jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm
pki-core-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.s390x.rpm
pki-core-debugsource-10.9.4-3.module+el8.3.0+10353+73f6df5b.s390x.rpm
pki-symkey-10.9.4-3.module+el8.3.0+10353+73f6df5b.s390x.rpm
pki-symkey-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.s390x.rpm
pki-tools-10.9.4-3.module+el8.3.0+10353+73f6df5b.s390x.rpm
pki-tools-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.s390x.rpm

x86_64:
jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm
jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm
jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm
jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm
pki-core-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.x86_64.rpm
pki-core-debugsource-10.9.4-3.module+el8.3.0+10353+73f6df5b.x86_64.rpm
pki-symkey-10.9.4-3.module+el8.3.0+10353+73f6df5b.x86_64.rpm
pki-symkey-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.x86_64.rpm
pki-tools-10.9.4-3.module+el8.3.0+10353+73f6df5b.x86_64.rpm
pki-tools-debuginfo-10.9.4-3.module+el8.3.0+10353+73f6df5b.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20179
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYFnJU9zjgjWX9erEAQgEMA/+PkQqxWr0PEjbkv3Kh3NmziEOa0+YKXz+
NWfF9dZA+TV5TBai5XZXfKajrX3OcVKXmUsMJOFqhFH07LwUOgXvdPv7klOdeN2f
bTJ0DxHF40eLTz9K7iCnplyvh0vDToZxykWXZuPvE+AaJNHduEJpla8h5/CeoTPF
eUs/FYx4LPvwnIVQe180P2XC98f06w9n/ftSrEKVeGKcEqu6GTtopVh3rzEvu0sA
YXAbzWhfd92Xl3u/va7mPbjAycT1RBJUrGZeDdyG0plbtnaojuxG9wHVvPrEkFW2
gEyiIWFK/U0xfuyFqbMLFJwcaLLgJZmlJv0Gplo3oVeMUqmAHyTOOw5Q3iOzHTja
KNhpXOHVHvsXX0rYcU+RG2S9og/D8UFSqX8GRW8BIgOcgrBVQDQ1hEGbeHeiRgBG
PD1UYdJ9zycviCazqTlM/16mj1gIaQHn0mG0QC032VI0xxZX0J5Umdb+s1pbRZTT
qmDkbtECS2k09l7yZkG+4wcg9TH3A9tG3/Rjy60hVwfa+kvewwtGoVgNehEJOW4P
ZC/IQWiaJkGzV2tOqib86t6zEYH++jd1RmeG1QdUQefzf4nrPiE+5zYEzAZ6QGPN
h3F0/PtkXYvfWz1PBUiJ3HNhR8AUr5L8TdvR2OBeDR2pz1vjuIuHDy3rksUJ94xA
9IeIf+LTnmk=
=QA6G
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,009)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,174)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,460)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,433)
UNIX (9,390)
UnixWare (187)
Windows (6,648)
Other

Red Hat Security Advisory 2021-0966-01

Red Hat Security Advisory 2021-0966-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-0966-01

Share This

Red Hat Security Advisory 2021-0966-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems