ALSA-2019:1529

Source
https://errata.almalinux.org/8/ALSA-2019-1529.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:1529.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2019:1529
Published
2019-06-18T16:36:21Z
Modified
2019-06-18T16:36:09Z
Summary
Important: pki-deps:10.6 security update
Details

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System.

Security Fix(es):

  • tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)

  • tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)

  • tomcat: Open redirect in default servlet (CVE-2018-11784)

  • tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / apache-commons-collections

Package

Name
apache-commons-collections

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.2.2-10.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / apache-commons-collections

Package

Name
apache-commons-collections

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.2.2-10.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / apache-commons-lang

Package

Name
apache-commons-lang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6-21.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / apache-commons-lang

Package

Name
apache-commons-lang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6-21.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / bea-stax-api

Package

Name
bea-stax-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.0-16.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / bea-stax-api

Package

Name
bea-stax-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.0-16.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-fastinfoset

Package

Name
glassfish-fastinfoset

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.13-9.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-fastinfoset

Package

Name
glassfish-fastinfoset

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.13-9.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-api

Package

Name
glassfish-jaxb-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.12-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-api

Package

Name
glassfish-jaxb-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.12-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-jaxb-core

Package

Name
glassfish-jaxb-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-11.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-jaxb-core

Package

Name
glassfish-jaxb-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-11.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-runtime

Package

Name
glassfish-jaxb-runtime

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-11.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-runtime

Package

Name
glassfish-jaxb-runtime

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-11.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-jaxb-txw2

Package

Name
glassfish-jaxb-txw2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-11.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-txw2

Package

Name
glassfish-jaxb-txw2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-11.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / jackson-module-jaxb-annotations

Package

Name
jackson-module-jaxb-annotations

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.6-4.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / jackson-module-jaxb-annotations

Package

Name
jackson-module-jaxb-annotations

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.6-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / jakarta-commons-httpclient

Package

Name
jakarta-commons-httpclient

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.1-28.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / jakarta-commons-httpclient

Package

Name
jakarta-commons-httpclient

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:3.1-28.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / javassist

Package

Name
javassist

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.18.1-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / javassist

Package

Name
javassist

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.18.1-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / javassist-javadoc

Package

Name
javassist-javadoc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.18.1-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / javassist-javadoc

Package

Name
javassist-javadoc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.18.1-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / python-nss-doc

Package

Name
python-nss-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.1-10.module_el8.5.0+150+5f0dbea0.alma

AlmaLinux:8 / python-nss-doc

Package

Name
python-nss-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.1-10.module_el8.5.0+2577+9e95fe00.alma

AlmaLinux:8 / python3-nss

Package

Name
python3-nss

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.1-10.module_el8.5.0+150+5f0dbea0.alma

AlmaLinux:8 / python3-nss

Package

Name
python3-nss

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.1-10.module_el8.5.0+2577+9e95fe00.alma

AlmaLinux:8 / relaxngDatatype

Package

Name
relaxngDatatype

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2011.1-7.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / relaxngDatatype

Package

Name
relaxngDatatype

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2011.1-7.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / slf4j

Package

Name
slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / slf4j

Package

Name
slf4j

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / slf4j-jdk14

Package

Name
slf4j-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / slf4j-jdk14

Package

Name
slf4j-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.25-4.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / stax-ex

Package

Name
stax-ex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.7-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / stax-ex

Package

Name
stax-ex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.7-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / velocity

Package

Name
velocity

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7-24.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / velocity

Package

Name
velocity

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7-24.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xalan-j2

Package

Name
xalan-j2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-38.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xalan-j2

Package

Name
xalan-j2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.7.1-38.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xerces-j2

Package

Name
xerces-j2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.11.0-34.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xerces-j2

Package

Name
xerces-j2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.11.0-34.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-apis

Package

Name
xml-commons-apis

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.01-25.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xml-commons-apis

Package

Name
xml-commons-apis

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.01-25.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-resolver

Package

Name
xml-commons-resolver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2-26.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-resolver

Package

Name
xml-commons-resolver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2-26.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xmlstreambuffer

Package

Name
xmlstreambuffer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.4-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xmlstreambuffer

Package

Name
xmlstreambuffer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.4-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xsom

Package

Name
xsom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0-19.20110809svn.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xsom

Package

Name
xsom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0-19.20110809svn.module_el8.5.0+2577+9e95fe00