Synopsis: Moderate: pki-core security update
Advisory ID: SLSA-2017:2335-1
Issue Date: 2017-08-01
CVE Numbers: CVE-2017-7537
—
Security Fix(es):
* It was found that a mock CMC authentication plugin with a hardcoded
secret was accidentally enabled by default in the pki-core package. An
attacker could potentially use this flaw to bypass the regular
authentication process and trick the CA server into issuing certificates.
(CVE-2017-7537)
—
SL7
x86_64
pki-core-debuginfo-10.4.1-11.el7.x86_64.rpm
pki-symkey-10.4.1-11.el7.x86_64.rpm
pki-tools-10.4.1-11.el7.x86_64.rpm
noarch
pki-base-10.4.1-11.el7.noarch.rpm
pki-base-java-10.4.1-11.el7.noarch.rpm
pki-ca-10.4.1-11.el7.noarch.rpm
pki-javadoc-10.4.1-11.el7.noarch.rpm
pki-kra-10.4.1-11.el7.noarch.rpm
pki-server-10.4.1-11.el7.noarch.rpm
– Scientific Linux Development Team
