RLSA-2019:1529

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2019:1529.json

Related

Published

2019-06-18T16:36:21Z

Modified

2023-02-02T12:55:23.655206Z

Summary

Important: pki-deps:10.6 security update

Details

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System.

Security Fix(es):

tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)
tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
tomcat: Open redirect in default servlet (CVE-2018-11784)
tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

Rocky Linux:8 / apache-commons-collections

Package

Name: apache-commons-collections

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.2.2-10.module+el8.3.0+53+ea062990

Rocky Linux:8 / apache-commons-collections

Package

Name: apache-commons-collections

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.2.2-10.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / apache-commons-lang

Package

Name: apache-commons-lang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.6-21.module+el8.3.0+53+ea062990

Rocky Linux:8 / apache-commons-lang

Package

Name: apache-commons-lang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.6-21.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / bea-stax

Package

Name: bea-stax

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2.0-16.module+el8.3.0+53+ea062990

Rocky Linux:8 / glassfish-fastinfoset

Package

Name: glassfish-fastinfoset

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2.13-9.module+el8.3.0+53+ea062990

Rocky Linux:8 / glassfish-jaxb

Package

Name: glassfish-jaxb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.2.11-11.module+el8.3.0+53+ea062990

Rocky Linux:8 / glassfish-jaxb-api

Package

Name: glassfish-jaxb-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.2.12-8.module+el8.3.0+53+ea062990

Rocky Linux:8 / jackson-module-jaxb-annotations

Package

Name: jackson-module-jaxb-annotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.6-4.module+el8.3.0+53+ea062990

Rocky Linux:8 / jakarta-commons-httpclient

Package

Name: jakarta-commons-httpclient

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.1-28.module+el8.3.0+53+ea062990

Rocky Linux:8 / jakarta-commons-httpclient

Package

Name: jakarta-commons-httpclient

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:3.1-28.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / javassist

Package

Name: javassist

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.18.1-8.module+el8.3.0+53+ea062990

Rocky Linux:8 / javassist

Package

Name: javassist

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.18.1-8.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / python-nss

Package

Name: python-nss

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.1-10.module+el8.3.0+53+ea062990

Rocky Linux:8 / relaxngDatatype

Package

Name: relaxngDatatype

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2011.1-7.module+el8.3.0+53+ea062990

Rocky Linux:8 / resteasy

Package

Name: resteasy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.26-3.module+el8.3.0+53+ea062990

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.25-4.module+el8.5.0+697+f586bb30

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.25-4.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / slf4j

Package

Name: slf4j

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.25-4.module+el8.3.0+133+b8b54b58

Rocky Linux:8 / stax-ex

Package

Name: stax-ex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7.7-8.module+el8.3.0+53+ea062990

Rocky Linux:8 / velocity

Package

Name: velocity

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-24.module+el8.3.0+53+ea062990

Rocky Linux:8 / velocity

Package

Name: velocity

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.7-24.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / xalan-j2

Package

Name: xalan-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.1-38.module+el8.3.0+53+ea062990

Rocky Linux:8 / xalan-j2

Package

Name: xalan-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.1-38.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / xerces-j2

Package

Name: xerces-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.11.0-34.module+el8.3.0+53+ea062990

Rocky Linux:8 / xerces-j2

Package

Name: xerces-j2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.11.0-34.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / xml-commons-apis

Package

Name: xml-commons-apis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.01-25.module+el8.5.0+697+f586bb30

Rocky Linux:8 / xml-commons-apis

Package

Name: xml-commons-apis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.01-25.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / xml-commons-apis

Package

Name: xml-commons-apis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.4.01-25.module+el8.3.0+53+ea062990

Rocky Linux:8 / xml-commons-resolver

Package

Name: xml-commons-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2-26.module+el8.3.0+53+ea062990

Rocky Linux:8 / xml-commons-resolver

Package

Name: xml-commons-resolver

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.2-26.module+el8.3.0+74+855e3f5d

Rocky Linux:8 / xmlstreambuffer

Package

Name: xmlstreambuffer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.5.4-8.module+el8.3.0+53+ea062990

Rocky Linux:8 / xsom

Package

Name: xsom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0-19.20110809svn.module+el8.3.0+53+ea062990