Red Hat Product Errata RHSA-2024:4070 - Security Advisory
Issued:
2024-06-24
Updated:
2024-06-24

RHSA-2024:4070 - Security Advisory

Synopsis

Important: Red Hat Certificate System 10.4 for RHEL 8 security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for pki-core is now available for Red Hat Certificate System 10.4 for RHEL 8.6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

Description

Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments.

Security fixes:

  • Token authentication bypass vulnerability (BZ2232221 - CVE-2023-4727)
  • Renaming the option ops-flag and ops-flag-mask (BZ2275455)
  • Rebase to TomcatJSS 7.7.4
  • Rename enableOCSP to enableRevocationCheck (BZ2275095)
  • Rebase to JSS 4.9.9
  • Enable revocation verification using CRL-DP (BZ2274531)

Users of RHCS 10 are advised to upgrade to these updated packages.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Certificate System - Extended Update Support 10 for RHEL 8.6 x86_64
  • Red Hat Certificate System - 4 years of updates 10 x86_64

Fixes

(none)

Red Hat Certificate System - Extended Update Support 10 for RHEL 8.6

SRPM
idm-console-framework-1.3.0-1.module+el8pki+14677+1ef79a68.src.rpm SHA-256: f1e07ec9162bb2ec41f9b101b36de2624bf7bc3030c1feed232045bb0ac328f0
jss-4.9.10-1.module+el8pki+21949+4b2d0700.src.rpm SHA-256: 1f12ddb627e7fdae024438d96a0d93b15ae5baa20a3d7c592109180206c771b7
ldapjdk-4.23.0-1.module+el8pki+14677+1ef79a68.src.rpm SHA-256: 6bd38fed1a2db9ba63376ba3ccb711a957b139f65a50af391a7982aba0a84d89
redhat-pki-10.13.11-1.module+el8pki+21949+4b2d0700.src.rpm SHA-256: 6869c267e43ef424ced1dce9baa683125847112871f34b8c36c0f2384eeec65f
tomcatjss-7.7.4-1.module+el8pki+21738+33a5e23b.src.rpm SHA-256: 2a5c1003aa868c47a0ed4aa19900e850117cadc37eb2901fc9ca12da470ea291
x86_64
idm-console-framework-1.3.0-1.module+el8pki+14677+1ef79a68.noarch.rpm SHA-256: ac037df948cc1630fc8a3ffa04d0cfa84f45dfc80ba409279ae9b68a91c1399b
jss-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 840321ebf8c97017de8999835f4333182fc2f6bf95582d97c82ff84358d8370e
jss-debuginfo-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: ea3741f1b80975a2ba11f0c082d9a15ffbfe4385cccdbdd33e77cd8693eda088
jss-debugsource-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 5aa52598ed2563ed3a224fe9c71879068c11d10c05ee2febe4d3980351adc419
jss-javadoc-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 10263c4ce48af92e6fc9477d420863e5d43fae55be9f1e6fa802178cd9e17fbf
ldapjdk-4.23.0-1.module+el8pki+14677+1ef79a68.noarch.rpm SHA-256: d086f8c6e48d0ca7bd894c748bcba6ba1b32c919c4d5f0d796f7394a3c78600f
ldapjdk-javadoc-4.23.0-1.module+el8pki+14677+1ef79a68.noarch.rpm SHA-256: b68dec3dce1e0b98b2211b12be2a46eff13dd957667374fe0b8d1bd6781159cc
python3-redhat-pki-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 0b258714ac3cffd4863b6c51b8c3b1f8e18e70359e145d734d609340c747b53f
redhat-pki-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: c9b2db359b01fafe8cc62b520ff778f4a47c795ed4ae6d377f83037182bb15b5
redhat-pki-acme-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: f24bbbabadfb27dcc60535871b38d1c471775fb72a0e0b37d7cc236286a40397
redhat-pki-base-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: e51b4716070265a3c17a758f931e3b5ab03b4ee2c7f2df7579716968b5a47bd3
redhat-pki-base-java-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: e85573ff708ea14e7b126787d3cc19704ca2edde9a7dcfa26d8c55f11d6c1d2f
redhat-pki-ca-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: b7349d171274f4f774a5f7d130c395d7dd402403174183d5d54f59030954ed4a
redhat-pki-console-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 236bb397dcf98209a2a1a7f70d669c7abd09b0bb9bc4e88bf82decb3556d6d3d
redhat-pki-console-theme-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 747fce9e10fc6037f360bf180ce67f35633776b9d3dd52944b9a3e9b17ecb56e
redhat-pki-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 0db09c6cb5152816be40bcc23b2f85aba0869f2094ddbc5c5e240d436c2ba949
redhat-pki-debugsource-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: b03dd693dab981d47a19b7eac486b89e86a37d471be1edb0327772195a1d1ed0
redhat-pki-est-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: a1fbbb3f2470fbc35a09fb3d6e0325384dc64a3f1cb9e121d0b86d8e017f5564
redhat-pki-javadoc-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 78f754a5684a098aba21e5792d935cd1ae47a679ac436d69da93e987a855b55f
redhat-pki-kra-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 7d14a0491f0c4ed9ffd154a4a1a5737bb6b03abc021e9c3d45a318d85e710a0c
redhat-pki-ocsp-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 833eb113cbdc906c2feabcc096a2c09bef7f6213cc653c963116679982065f1f
redhat-pki-server-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 54561ac034d4905db763d915a754e619bce1e66705a38e414df454578a29d0b1
redhat-pki-server-theme-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 5db6a8d3b675c77ea6b0df0e7df08873a23952062ec0ff668920ada981bd8854
redhat-pki-symkey-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 6405660588fb6768a5a6adbdd545d225afa9156fbaf709fb73a7ab2a7577c833
redhat-pki-symkey-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 44ec2a5d57e7f5200c6f938ea8002156e7787d0b1fd3101773227e47ce891d47
redhat-pki-tks-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 9d9ec1b94fc9651d3a570db93c069473d8b86aeb6173fee9eb134252831e2470
redhat-pki-tools-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 08b55d8f5bc73fb7c798d6d05c6b64fd6075ff73f3427c761732674a6fe4075b
redhat-pki-tools-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 27b516b532cc0d8a630910464f16ce7214c1b8e5171e27e2b62a2f5e463d2125
redhat-pki-tps-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: af8edc7048629487a41cc405099522f6b768bf6064e039e26a3f1df1024da56d
redhat-pki-tps-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: ef59f1219d9b673e8ae581e48228a0b36024335e0a944d68eadf1a540dac1d3e
tomcatjss-7.7.4-1.module+el8pki+21738+33a5e23b.noarch.rpm SHA-256: 996bf69e12582c53c3e03d35a79c139613a6b7e8db9c59bcf63205368340ee6a

Red Hat Certificate System - 4 years of updates 10

SRPM
idm-console-framework-1.3.0-1.module+el8pki+14677+1ef79a68.src.rpm SHA-256: f1e07ec9162bb2ec41f9b101b36de2624bf7bc3030c1feed232045bb0ac328f0
jss-4.9.10-1.module+el8pki+21949+4b2d0700.src.rpm SHA-256: 1f12ddb627e7fdae024438d96a0d93b15ae5baa20a3d7c592109180206c771b7
ldapjdk-4.23.0-1.module+el8pki+14677+1ef79a68.src.rpm SHA-256: 6bd38fed1a2db9ba63376ba3ccb711a957b139f65a50af391a7982aba0a84d89
redhat-pki-10.13.11-1.module+el8pki+21949+4b2d0700.src.rpm SHA-256: 6869c267e43ef424ced1dce9baa683125847112871f34b8c36c0f2384eeec65f
tomcatjss-7.7.4-1.module+el8pki+21738+33a5e23b.src.rpm SHA-256: 2a5c1003aa868c47a0ed4aa19900e850117cadc37eb2901fc9ca12da470ea291
x86_64
idm-console-framework-1.3.0-1.module+el8pki+14677+1ef79a68.noarch.rpm SHA-256: ac037df948cc1630fc8a3ffa04d0cfa84f45dfc80ba409279ae9b68a91c1399b
jss-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 840321ebf8c97017de8999835f4333182fc2f6bf95582d97c82ff84358d8370e
jss-debuginfo-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: ea3741f1b80975a2ba11f0c082d9a15ffbfe4385cccdbdd33e77cd8693eda088
jss-debugsource-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 5aa52598ed2563ed3a224fe9c71879068c11d10c05ee2febe4d3980351adc419
jss-javadoc-4.9.10-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 10263c4ce48af92e6fc9477d420863e5d43fae55be9f1e6fa802178cd9e17fbf
ldapjdk-4.23.0-1.module+el8pki+14677+1ef79a68.noarch.rpm SHA-256: d086f8c6e48d0ca7bd894c748bcba6ba1b32c919c4d5f0d796f7394a3c78600f
ldapjdk-javadoc-4.23.0-1.module+el8pki+14677+1ef79a68.noarch.rpm SHA-256: b68dec3dce1e0b98b2211b12be2a46eff13dd957667374fe0b8d1bd6781159cc
python3-redhat-pki-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 0b258714ac3cffd4863b6c51b8c3b1f8e18e70359e145d734d609340c747b53f
redhat-pki-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: c9b2db359b01fafe8cc62b520ff778f4a47c795ed4ae6d377f83037182bb15b5
redhat-pki-acme-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: f24bbbabadfb27dcc60535871b38d1c471775fb72a0e0b37d7cc236286a40397
redhat-pki-base-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: e51b4716070265a3c17a758f931e3b5ab03b4ee2c7f2df7579716968b5a47bd3
redhat-pki-base-java-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: e85573ff708ea14e7b126787d3cc19704ca2edde9a7dcfa26d8c55f11d6c1d2f
redhat-pki-ca-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: b7349d171274f4f774a5f7d130c395d7dd402403174183d5d54f59030954ed4a
redhat-pki-console-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 236bb397dcf98209a2a1a7f70d669c7abd09b0bb9bc4e88bf82decb3556d6d3d
redhat-pki-console-theme-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 747fce9e10fc6037f360bf180ce67f35633776b9d3dd52944b9a3e9b17ecb56e
redhat-pki-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 0db09c6cb5152816be40bcc23b2f85aba0869f2094ddbc5c5e240d436c2ba949
redhat-pki-debugsource-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: b03dd693dab981d47a19b7eac486b89e86a37d471be1edb0327772195a1d1ed0
redhat-pki-est-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: a1fbbb3f2470fbc35a09fb3d6e0325384dc64a3f1cb9e121d0b86d8e017f5564
redhat-pki-javadoc-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 78f754a5684a098aba21e5792d935cd1ae47a679ac436d69da93e987a855b55f
redhat-pki-kra-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 7d14a0491f0c4ed9ffd154a4a1a5737bb6b03abc021e9c3d45a318d85e710a0c
redhat-pki-ocsp-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 833eb113cbdc906c2feabcc096a2c09bef7f6213cc653c963116679982065f1f
redhat-pki-server-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 54561ac034d4905db763d915a754e619bce1e66705a38e414df454578a29d0b1
redhat-pki-server-theme-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 5db6a8d3b675c77ea6b0df0e7df08873a23952062ec0ff668920ada981bd8854
redhat-pki-symkey-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 6405660588fb6768a5a6adbdd545d225afa9156fbaf709fb73a7ab2a7577c833
redhat-pki-symkey-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 44ec2a5d57e7f5200c6f938ea8002156e7787d0b1fd3101773227e47ce891d47
redhat-pki-tks-10.13.11-1.module+el8pki+21949+4b2d0700.noarch.rpm SHA-256: 9d9ec1b94fc9651d3a570db93c069473d8b86aeb6173fee9eb134252831e2470
redhat-pki-tools-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 08b55d8f5bc73fb7c798d6d05c6b64fd6075ff73f3427c761732674a6fe4075b
redhat-pki-tools-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: 27b516b532cc0d8a630910464f16ce7214c1b8e5171e27e2b62a2f5e463d2125
redhat-pki-tps-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: af8edc7048629487a41cc405099522f6b768bf6064e039e26a3f1df1024da56d
redhat-pki-tps-debuginfo-10.13.11-1.module+el8pki+21949+4b2d0700.x86_64.rpm SHA-256: ef59f1219d9b673e8ae581e48228a0b36024335e0a944d68eadf1a540dac1d3e
tomcatjss-7.7.4-1.module+el8pki+21738+33a5e23b.noarch.rpm SHA-256: 996bf69e12582c53c3e03d35a79c139613a6b7e8db9c59bcf63205368340ee6a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.