Red Hat Product Errata RHSA-2019:3225 - Security Advisory

Issued:: 2019-10-29
Updated:: 2019-10-29

RHSA-2019:3225 - Security Advisory

Overview
Updated Packages

Synopsis

Important: jss security update

Type/Severity

Security Advisory: Important

Topic

An update for jss is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System.

Security Fix(es):

JSS: OCSP policy "Leaf and Chain" implicitly trusts the root certificate (CVE-2019-14823)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1747435 - CVE-2019-14823 JSS: OCSP policy "Leaf and Chain" implicitly trusts the root certificate

CVEs

CVE-2019-14823

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
x86_64
jss-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 6dcf67b0c3ba7918b27cad2349153e9f896bc78f033bb6a423f2a58fefc815a8
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-javadoc-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 804fbc340313da6e9aa0e759176ede80e578b168b92b490aa5648f9748218cab

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
s390x
jss-4.4.4-6.el7_6.s390x.rpm	SHA-256: dcd9a9f9e4f93a8011c3556b626875493363b2fae877e74f6081763426b9bb66
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-javadoc-4.4.4-6.el7_6.s390x.rpm	SHA-256: 4757b041c2c4dfc5d7548efa64b5cc7ce4f4f26967bc26e54d2a7bd32019b7af

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
ppc64
jss-4.4.4-6.el7_6.ppc64.rpm	SHA-256: 98bc365b7925774e628d8445d28dd92c8dd3c663b5862632149d9101f89f70b0
jss-debuginfo-4.4.4-6.el7_6.ppc64.rpm	SHA-256: df94ea1ed4752941a669a02267414d434d09ebebb93b69b1e733d5186194b00a
jss-debuginfo-4.4.4-6.el7_6.ppc64.rpm	SHA-256: df94ea1ed4752941a669a02267414d434d09ebebb93b69b1e733d5186194b00a
jss-javadoc-4.4.4-6.el7_6.ppc64.rpm	SHA-256: ee7fa362829f51ceaddb2d4ccd4bcfcf5f09dff07b3b049fa96b491484f19ee1

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
x86_64
jss-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 6dcf67b0c3ba7918b27cad2349153e9f896bc78f033bb6a423f2a58fefc815a8
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-javadoc-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 804fbc340313da6e9aa0e759176ede80e578b168b92b490aa5648f9748218cab

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
x86_64
jss-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 6dcf67b0c3ba7918b27cad2349153e9f896bc78f033bb6a423f2a58fefc815a8
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-javadoc-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 804fbc340313da6e9aa0e759176ede80e578b168b92b490aa5648f9748218cab

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
ppc64le
jss-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 5e5394d74744f3ce0c0cafcacb68985f66b4d2d5b13691039b69e13b474b4ac2
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-javadoc-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 2d02bfc729bc0a26d7a0f369765666c4e263d936615c7b8740dbaf7bdb00e6c7

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
x86_64
jss-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 6dcf67b0c3ba7918b27cad2349153e9f896bc78f033bb6a423f2a58fefc815a8
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-javadoc-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 804fbc340313da6e9aa0e759176ede80e578b168b92b490aa5648f9748218cab

Red Hat Enterprise Linux for ARM 64 7

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
aarch64
jss-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 97370d117a997ea50f1564107b1ae177c7209bda76754427523f5641dd180395
jss-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 97370d117a997ea50f1564107b1ae177c7209bda76754427523f5641dd180395
jss-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 97370d117a997ea50f1564107b1ae177c7209bda76754427523f5641dd180395
jss-debuginfo-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 366af25fb6cfc050d104630359a2a3d0e6e789158f68f00538e320c775e8ebb4
jss-debuginfo-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 366af25fb6cfc050d104630359a2a3d0e6e789158f68f00538e320c775e8ebb4
jss-debuginfo-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 366af25fb6cfc050d104630359a2a3d0e6e789158f68f00538e320c775e8ebb4
jss-debuginfo-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 366af25fb6cfc050d104630359a2a3d0e6e789158f68f00538e320c775e8ebb4
jss-debuginfo-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 366af25fb6cfc050d104630359a2a3d0e6e789158f68f00538e320c775e8ebb4
jss-debuginfo-4.4.4-6.el7_6.aarch64.rpm	SHA-256: 366af25fb6cfc050d104630359a2a3d0e6e789158f68f00538e320c775e8ebb4
jss-javadoc-4.4.4-6.el7_6.aarch64.rpm	SHA-256: c5883e1b385bc6d1ab93874baef4a08838d54ab0470f300146be43273afb3861
jss-javadoc-4.4.4-6.el7_6.aarch64.rpm	SHA-256: c5883e1b385bc6d1ab93874baef4a08838d54ab0470f300146be43273afb3861
jss-javadoc-4.4.4-6.el7_6.aarch64.rpm	SHA-256: c5883e1b385bc6d1ab93874baef4a08838d54ab0470f300146be43273afb3861

Red Hat Enterprise Linux for Power 9 7

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
ppc64le
jss-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 5e5394d74744f3ce0c0cafcacb68985f66b4d2d5b13691039b69e13b474b4ac2
jss-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 5e5394d74744f3ce0c0cafcacb68985f66b4d2d5b13691039b69e13b474b4ac2
jss-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 5e5394d74744f3ce0c0cafcacb68985f66b4d2d5b13691039b69e13b474b4ac2
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-javadoc-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 2d02bfc729bc0a26d7a0f369765666c4e263d936615c7b8740dbaf7bdb00e6c7
jss-javadoc-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 2d02bfc729bc0a26d7a0f369765666c4e263d936615c7b8740dbaf7bdb00e6c7
jss-javadoc-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 2d02bfc729bc0a26d7a0f369765666c4e263d936615c7b8740dbaf7bdb00e6c7

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
ppc64le
jss-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 5e5394d74744f3ce0c0cafcacb68985f66b4d2d5b13691039b69e13b474b4ac2
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-debuginfo-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 14939ca8eab6f06a3a1489bd3455159be44f7ae2de01c02fc478319dd162d8bf
jss-javadoc-4.4.4-6.el7_6.ppc64le.rpm	SHA-256: 2d02bfc729bc0a26d7a0f369765666c4e263d936615c7b8740dbaf7bdb00e6c7

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
x86_64
jss-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 6dcf67b0c3ba7918b27cad2349153e9f896bc78f033bb6a423f2a58fefc815a8
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-debuginfo-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 41ddab25956670270e3ee02b43426ea81a3a4a5205e32468077c390a070b31b6
jss-javadoc-4.4.4-6.el7_6.x86_64.rpm	SHA-256: 804fbc340313da6e9aa0e759176ede80e578b168b92b490aa5648f9748218cab

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
jss-4.4.4-6.el7_6.src.rpm	SHA-256: d156e1ff692fef07ea8629ec8f339a0d48c51593be696d9850b9b72ad50bf11d
s390x
jss-4.4.4-6.el7_6.s390x.rpm	SHA-256: dcd9a9f9e4f93a8011c3556b626875493363b2fae877e74f6081763426b9bb66
jss-4.4.4-6.el7_6.s390x.rpm	SHA-256: dcd9a9f9e4f93a8011c3556b626875493363b2fae877e74f6081763426b9bb66
jss-4.4.4-6.el7_6.s390x.rpm	SHA-256: dcd9a9f9e4f93a8011c3556b626875493363b2fae877e74f6081763426b9bb66
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-debuginfo-4.4.4-6.el7_6.s390x.rpm	SHA-256: 0e9f6f5e91649581afcebe1edf600283a3f7c13326dd40188c4cb34233098885
jss-javadoc-4.4.4-6.el7_6.s390x.rpm	SHA-256: 4757b041c2c4dfc5d7548efa64b5cc7ce4f4f26967bc26e54d2a7bd32019b7af
jss-javadoc-4.4.4-6.el7_6.s390x.rpm	SHA-256: 4757b041c2c4dfc5d7548efa64b5cc7ce4f4f26967bc26e54d2a7bd32019b7af
jss-javadoc-4.4.4-6.el7_6.s390x.rpm	SHA-256: 4757b041c2c4dfc5d7548efa64b5cc7ce4f4f26967bc26e54d2a7bd32019b7af

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories