[SECURITY] Fedora 16 Update: pki-core-9.0.25-1.fc16
updates at fedoraproject.org
updates at fedoraproject.org
Fri Dec 21 12:05:36 UTC 2012
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-20243
2012-12-12 07:46:14
--------------------------------------------------------------------------------
Name : pki-core
Product : Fedora 16
Version : 9.0.25
Release : 1.fc16
URL : http://pki.fedoraproject.org/
Summary : Certificate System - PKI Core Components
Description :
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains fundamental packages required by Certificate System,
and consists of the following components:
* pki-setup
* pki-symkey
* pki-native-tools
* pki-util
* pki-util-javadoc
* pki-java-tools
* pki-java-tools-javadoc
* pki-common
* pki-common-javadoc
* pki-selinux
* pki-ca
* pki-silent
which comprise the following PKI subsystems:
* Certificate Authority (CA)
For deployment purposes, Certificate System requires ONE AND ONLY ONE
of the following "Mutually-Exclusive" PKI Theme packages:
* ipa-pki-theme (IPA deployments)
* dogtag-pki-theme (Dogtag Certificate System deployments)
* redhat-pki-theme (Red Hat Certificate System deployments)
--------------------------------------------------------------------------------
Update Information:
Bugzilla Bug #884829 - Multiple cross-site scripting flaws
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 11 2012 Andrew Wnuk<awnuk at redhat.com> 9.0.25-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
fail when anonymous access disabled.
- Bugzilla Bug #884829 - Multiple cross-site scripting flaws
* Tue Oct 30 2012 Andrew Wnuk <awnuk at redhat.com> 9.0.24-1
- New official build
- Used GetStatus servlet to provide startup status - (alee)
- Audit Cert Renewal - Bugzilla Bug #843979 (mharmsen)
- time based searches - Bugzilla Bug #854420 (awnuk)
- TMS ECC infrastructure - ticket #304 (cfu)
* Fri Sep 7 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.23-1
- TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks
in an instance (support for non-default instance names) (mharmsen)
- Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to
internal db in cert status thread. (jmagne)
* Wed Aug 22 2012 Ade Lee <alee at redhat.com> 9.0.22-1
- Reverted selinux changes that broke f16 selinux policy.
- Reapplied those changes as a modified patch to f17 build.
* Fri Jul 20 2012 Ade Lee <alee at redhat.com> 9.0.21-1
- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
* Mon May 7 2012 Andrew Wnuk <awnuk at redhat.com> 9.0.20-1
- New official build
* Mon May 7 2012 Ade Lee <alee at redhat.com> 9.0.19-4
- Bugzilla Bug #819111 - non-existent container breaks replication
* Mon Apr 16 2012 Ade Lee <alee at redhat.com> 9.0.19-3
- Bugzilla Bug #813075 - selinux denial for file size access
* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.19-2
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
* Fri Mar 16 2012 Ade Lee <alee at redhat.com> 9.0.19-1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
- Corrected patch selected for selinux f17 rules
* Fri Mar 9 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.18-1
- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
with DOGTAG_9_BRANCH SVN repository . . .
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #784387 - Configuration wizard does not provide option
to issue ECC credentials for admin during ECC CA configuration.
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
and DRM
- Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters
file digest for "logo_header.gif"
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
problem for handling non-dual ECC
- Bugzilla Bug #223358 - new profile for ECC key generation
- Bugzilla Bug #787806 - RSA should be default selection for transport
key till "ECC phase 4" is implemented
- 'pki-silent'
- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
ca_external variable
* Fri Mar 2 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-4
- For 'mock' purposes, removed platform-specific logic from around
the 'patch' files so that ALL 'patch' files will be included in
the SRPM.
* Tue Feb 28 2012 Ade Lee <alee at redhat.com> 9.0.17-3
- 'pki-selinux'
- Added platform-dependent patches for SELinux component
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
* Wed Feb 22 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-2
- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
in fundamental path structure in Fedora 17
- 'pki-setup'
- Hard-code Perl dependencies to protect against bugs such as
Bugzilla Bug #772699 - Adapt perl and python fileattrs to
changed file 5.10 magics
- 'pki-selinux'
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
* Thu Jan 5 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400
update, breaking FreeIPA install
- 'pki-util'
- 'pki-java-tools'
- Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the
middle of an ldif entry.
- 'pki-common'
- Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays
issuedcerts and cert_Info params as base 64 blobs.
- Bugzilla Bug #756133 - Some DRM components are not referring properly
to DRM's request and key records.
- Bugzilla Bug #758505 - DRM's request list breaks after migration of
request records with big IDs.
- Bugzilla Bug #768138 - Make sure that paging works correctly in CA and
DRM
- 'pki-selinux'
- 'pki-ca'
- 'pki-silent'
* Fri Oct 28 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.16-1
- 'pki-setup'
- 'pki-symkey'
- 'pki-native-tools'
- 'pki-util'
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- 'pki-java-tools'
- 'pki-common'
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
the in-place upgrade( CS 8.0->8.1) (cfu)
- 'pki-selinux'
- 'pki-ca'
- Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
(rawhide) . . . (mharmsen)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
OCSP, and TKS package installation . . . (mharmsen)
- 'pki-silent'
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #884829 - CVE-2012-4543 Certificate System: Multiple cross-site scripting flaws by displaying CRL or processing profile [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=884829
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pki-core' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list