-
Mon Jun 03 2024 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-32
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.4):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.4):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
-
Fri May 31 2024 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-31
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.3):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.3):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
-
Thu May 23 2024 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-30
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
-
Fri May 17 2024 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-29
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2.1):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- Additional trivial fix (jmagne)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2.1):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett, jmagne)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
- Bug 2280722 - Shared token is not generated for TPS and TKS
during install despite adding pki_import_shared_secret=True param
at install [RHCS 9.7.z] (jmagne)
-
Thu Apr 18 2024 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-28
- ##########################################################################
- # RHEL 7.9 (Async Security Update CY24Q2):
- ##########################################################################
- Updated nspr-devel and nss-devel build requirements as well as nss and
nss-tools runtime requirements (mharmsen)
- Updated jss dependencies (mharmsen)
- Added git build dependency (mharmsen)
- RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca:
token authentication bypass vulnerability [rhel-7.9.z] (jmagne)
- RHEL-24339 - pki-core - PrettyPrintCert does not properly
translate AIA information into a readable format [RHEL 7.9.z] (mfargett)
- RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett)
- ##########################################################################
- # RHCS 9.7 (Async Security Update CY24Q2):
- ##########################################################################
- Bug 2047831 - Coolkey Hardcoded RSA Max Key Size
[RHCS 9.7.z] (jmagne)
- Bug 2121463 - Add Secure Channel Support for AES-256 Keys
[RHCS 9.7.z] (jmagne)
- Bug 2177785 - TPS missing Host header field in HTTP/1.1 request
message [RHCS 9.7.z] (mfargett)
- Bug 2180920 - add AES support for TMS server-side keygen on latest
HSM / FIPS environment [RHCS 9.7.z] (jmagne)
- Bug 2233158 - Make key wrapping algorithm configurable
between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne)
- Bug 2253682 - pkidestroy log keeps HSM token password
[RHCS 9.7.z] (mfargett)
- Bug 2265180 - Add Support for Symmetric Key Rollover
[RHCS 9.7.z] (jmagne)
-
Mon May 01 2023 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-27
- ##########################################################################
- # RHEL 7.9 (Batch Update 23):
- ##########################################################################
- ##########################################################################
- # RHCS 9.7 (Batch Update 23):
- ##########################################################################
- Bugzilla Bug #2179305 - Unable to use the TPS UI "Token Filter" to filter
a list of tokens [RHCS 9.7] (ckelley)
- Bugzilla Bug #2092522 - TPS Not allowing Token Status Change based on
Revoke True/False and Hold till last True/False [RHCS 9.7.z] (cfu)
- Bugzilla Bug #2176233 - TPS Not allowing Token Status Change based on
Revoke True/False and Hold till last True/False (part 2) [RHCS 9.7.z] (cfu)
-
Fri Mar 24 2023 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-26
- ##########################################################################
- # RHEL 7.9 (Batch Update 22):
- ##########################################################################
- ##########################################################################
- # RHCS 9.7 (Batch Update 22):
- ##########################################################################
- Bugzilla Bug #2179305 - Unable to use the TPS UI "Token Filter" to filter
a list of tokens [RHCS 9.7] (ckelley)
- Bugzilla Bug #2092522 - TPS Not allowing Token Status Change based on
Revoke True/False and Hold till last True/False [RHCS 9.7.z] (cfu)
- Bugzilla Bug #2176233 - TPS Not allowing Token Status Change based on
Revoke True/False and Hold till last True/False (part 2) [RHCS 9.7.z] (cfu)
-
Fri Feb 10 2023 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-25
- ##########################################################################
- # RHEL 7.9 (Batch Update 21):
- ##########################################################################
- Bugzilla Bug #2160355 - RA Separation by KeyType - Set Token Status
[RHCS 9.7 bu 21] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 21):
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
-
Wed Oct 26 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-24
- ##########################################################################
- # RHEL 7.9 (Batch Update 19):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- ##########################################################################
- # RHCS 9.7 (Batch Update 19):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
-
Mon Oct 10 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-23
- ##########################################################################
- # RHEL 7.9 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)