ALSA-2019:1529

Source

https://errata.almalinux.org/8/ALSA-2019-1529.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:1529.json

Related

Published

2019-06-18T16:36:21Z

Modified

2019-06-18T16:36:09Z

Summary

Important: pki-deps:10.6 security update

Details

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System.

Security Fix(es):

tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)
tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
tomcat: Open redirect in default servlet (CVE-2018-11784)
tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / apache-commons-collections

Package

Name: apache-commons-collections

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.2.2-10.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / apache-commons-collections

Package

Name: apache-commons-collections

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.2.2-10.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / apache-commons-lang

Package

Name: apache-commons-lang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.6-21.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / apache-commons-lang

Package

Name: apache-commons-lang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.6-21.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / bea-stax-api

Package

Name: bea-stax-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2.0-16.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / bea-stax-api

Package

Name: bea-stax-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2.0-16.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-fastinfoset

Package

Name: glassfish-fastinfoset

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2.13-9.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-fastinfoset

Package

Name: glassfish-fastinfoset

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2.13-9.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-api

Package

Name: glassfish-jaxb-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.12-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-api

Package

Name: glassfish-jaxb-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.12-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-jaxb-core

Package

Name: glassfish-jaxb-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.11-11.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-jaxb-core

Package

Name: glassfish-jaxb-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.11-11.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-runtime

Package

Name: glassfish-jaxb-runtime

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.11-11.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-runtime

Package

Name: glassfish-jaxb-runtime

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.11-11.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / glassfish-jaxb-txw2

Package

Name: glassfish-jaxb-txw2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.11-11.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / glassfish-jaxb-txw2

Package

Name: glassfish-jaxb-txw2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.2.11-11.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / jackson-module-jaxb-annotations

Package

Name: jackson-module-jaxb-annotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.6-4.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / jackson-module-jaxb-annotations

Package

Name: jackson-module-jaxb-annotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.6-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / jakarta-commons-httpclient

Package

Name: jakarta-commons-httpclient

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.1-28.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / jakarta-commons-httpclient

Package

Name: jakarta-commons-httpclient

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.1-28.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / javassist

Package

Name: javassist

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.18.1-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / javassist

Package

Name: javassist

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.18.1-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / javassist-javadoc

Package

Name: javassist-javadoc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.18.1-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / javassist-javadoc

Package

Name: javassist-javadoc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.18.1-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / python-nss-doc

Package

Name: python-nss-doc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.0.1-10.module_el8.5.0+150+5f0dbea0.alma

AlmaLinux:8 / python-nss-doc

Package

Name: python-nss-doc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.0.1-10.module_el8.5.0+2577+9e95fe00.alma

AlmaLinux:8 / python3-nss

Package

Name: python3-nss

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.0.1-10.module_el8.5.0+150+5f0dbea0.alma

AlmaLinux:8 / python3-nss

Package

Name: python3-nss

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.0.1-10.module_el8.5.0+2577+9e95fe00.alma

AlmaLinux:8 / relaxngDatatype

Package

Name: relaxngDatatype

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2011.1-7.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / relaxngDatatype

Package

Name: relaxngDatatype

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2011.1-7.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7.25-4.module_el8.6.0+2752+f1f3449e

AlmaLinux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7.25-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / slf4j-jdk14

Package

Name: slf4j-jdk14

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7.25-4.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / slf4j-jdk14

Package

Name: slf4j-jdk14

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7.25-4.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / stax-ex

Package

Name: stax-ex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7.7-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / stax-ex

Package

Name: stax-ex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7.7-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / velocity

Package

Name: velocity

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7-24.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / velocity

Package

Name: velocity

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.7-24.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xalan-j2

Package

Name: xalan-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.1-38.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xalan-j2

Package

Name: xalan-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.1-38.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xerces-j2

Package

Name: xerces-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.11.0-34.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xerces-j2

Package

Name: xerces-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.11.0-34.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-apis

Package

Name: xml-commons-apis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.01-25.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xml-commons-apis

Package

Name: xml-commons-apis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.01-25.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-resolver

Package

Name: xml-commons-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2-26.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xml-commons-resolver

Package

Name: xml-commons-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2-26.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xmlstreambuffer

Package

Name: xmlstreambuffer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.5.4-8.module_el8.5.0+2577+9e95fe00

AlmaLinux:8 / xmlstreambuffer

Package

Name: xmlstreambuffer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.5.4-8.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xsom

Package

Name: xsom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0-19.20110809svn.module_el8.5.0+150+5f0dbea0

AlmaLinux:8 / xsom

Package

Name: xsom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0-19.20110809svn.module_el8.5.0+2577+9e95fe00