Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2024:0027
Issued: 2024-08-07
Updated: 2024-08-07
Summary
pki-core security update
Severity
Important
Description
Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:
CVE-2023-4727:
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
References
Updated Packages
- noarch
- pki-base-10.5.18-32.1.al7.noarch.rpm → (download)
- pki-base-java-10.5.18-32.1.al7.noarch.rpm → (download)
- pki-ca-10.5.18-32.1.al7.noarch.rpm → (download)
- pki-javadoc-10.5.18-32.1.al7.noarch.rpm → (download)
- pki-kra-10.5.18-32.1.al7.noarch.rpm → (download)
- pki-server-10.5.18-32.1.al7.noarch.rpm → (download)
- src
- pki-core-10.5.18-32.1.al7.src.rpm → (download)
- aarch64
- pki-core-debuginfo-10.5.18-32.1.al7.aarch64.rpm → (download)
- pki-symkey-10.5.18-32.1.al7.aarch64.rpm → (download)
- pki-tools-10.5.18-32.1.al7.aarch64.rpm → (download)
- i686
- pki-core-debuginfo-10.5.18-32.1.al7.i686.rpm → (download)
- pki-symkey-10.5.18-32.1.al7.i686.rpm → (download)
- pki-tools-10.5.18-32.1.al7.i686.rpm → (download)
- x86_64
- pki-core-debuginfo-10.5.18-32.1.al7.x86_64.rpm → (download)
- pki-symkey-10.5.18-32.1.al7.x86_64.rpm → (download)
- pki-tools-10.5.18-32.1.al7.x86_64.rpm → (download)