RedHatRHSA-2012:1550(RHSA-2012:1550) Moderate: pki security update
0.005 Low
EPSS
Percentile
75.5%
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple cross-site scripting flaws were discovered in the Red Hat
Certificate System. An attacker could use these flaws to perform a
cross-site scripting (XSS) attack against victims using Certificate
System’s web interface. (CVE-2012-4543)
Multiple denial of service flaws were found in the Red Hat Certificate
System token processing. A Certificate System user could use these flaws
to crash the Apache httpd web server child process, possibly interrupting
the processing of other users’ requests. (CVE-2012-4555, CVE-2012-4556)
Red Hat would like to thank Patrick Raspante and Ryan Millay of GDC4S for
reporting the CVE-2012-4555 and CVE-2012-4556 issues.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. After installing this update,
all Red Hat Certificate System subsystems must be restarted (“/etc/init.d
/[instance-name] restart”) for the update to take effect.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 5 | x86_64 | pki-tps | < 8.1.3-2.el5pki | pki-tps-8.1.3-2.el5pki.x86_64.rpm |
| RedHat | 5 | i386 | pki-tps | < 8.1.3-2.el5pki | pki-tps-8.1.3-2.el5pki.i386.rpm |
| RedHat | 5 | src | pki-common | < 8.1.3-2.el5pki | pki-common-8.1.3-2.el5pki.src.rpm |
| RedHat | 5 | noarch | pki-common-javadoc | < 8.1.3-2.el5pki | pki-common-javadoc-8.1.3-2.el5pki.noarch.rpm |
| RedHat | 5 | src | pki-tps | < 8.1.3-2.el5pki | pki-tps-8.1.3-2.el5pki.src.rpm |
| RedHat | 5 | noarch | pki-common | < 8.1.3-2.el5pki | pki-common-8.1.3-2.el5pki.noarch.rpm |
Related
