RLSA-2019:1529
- Source
- https://errata.rockylinux.org/RLSA-2019:1529
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2019:1529.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2019:1529
- Related
- Published
- 2019-06-18T16:36:21Z
- Modified
- 2023-02-02T12:55:23.655206Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Important: pki-deps:10.6 security update
- Details
-
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System.
Security Fix(es):
tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)
tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
tomcat: Open redirect in default servlet (CVE-2018-11784)
tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / apache-commons-collections
Package
- Name
- apache-commons-collections
- Purl
- pkg:rpm/rocky-linux/apache-commons-collections?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-collections
Package
- Name
- apache-commons-collections
- Purl
- pkg:rpm/rocky-linux/apache-commons-collections?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-lang
Package
- Name
- apache-commons-lang
- Purl
- pkg:rpm/rocky-linux/apache-commons-lang?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / apache-commons-lang
Package
- Name
- apache-commons-lang
- Purl
- pkg:rpm/rocky-linux/apache-commons-lang?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / bea-stax
Package
- Name
- bea-stax
- Purl
- pkg:rpm/rocky-linux/bea-stax?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / glassfish-fastinfoset
Package
- Name
- glassfish-fastinfoset
- Purl
- pkg:rpm/rocky-linux/glassfish-fastinfoset?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / glassfish-jaxb
Package
- Name
- glassfish-jaxb
- Purl
- pkg:rpm/rocky-linux/glassfish-jaxb?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / glassfish-jaxb-api
Package
- Name
- glassfish-jaxb-api
- Purl
- pkg:rpm/rocky-linux/glassfish-jaxb-api?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jackson-module-jaxb-annotations
Package
- Name
- jackson-module-jaxb-annotations
- Purl
- pkg:rpm/rocky-linux/jackson-module-jaxb-annotations?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / jakarta-commons-httpclient
Package
- Name
- jakarta-commons-httpclient
- Purl
- pkg:rpm/rocky-linux/jakarta-commons-httpclient?distro=rocky-linux-8&epoch=1
Rocky Linux:8 / jakarta-commons-httpclient
Package
- Name
- jakarta-commons-httpclient
- Purl
- pkg:rpm/rocky-linux/jakarta-commons-httpclient?distro=rocky-linux-8&epoch=1
Rocky Linux:8 / javassist
Package
- Name
- javassist
- Purl
- pkg:rpm/rocky-linux/javassist?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / javassist
Package
- Name
- javassist
- Purl
- pkg:rpm/rocky-linux/javassist?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / python-nss
Package
- Name
- python-nss
- Purl
- pkg:rpm/rocky-linux/python-nss?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / relaxngDatatype
Package
- Name
- relaxngDatatype
- Purl
- pkg:rpm/rocky-linux/relaxngDatatype?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / resteasy
Package
- Name
- resteasy
- Purl
- pkg:rpm/rocky-linux/resteasy?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / slf4j
Package
- Name
- slf4j
- Purl
- pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / slf4j
Package
- Name
- slf4j
- Purl
- pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / slf4j
Package
- Name
- slf4j
- Purl
- pkg:rpm/rocky-linux/slf4j?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / stax-ex
Package
- Name
- stax-ex
- Purl
- pkg:rpm/rocky-linux/stax-ex?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / velocity
Package
- Name
- velocity
- Purl
- pkg:rpm/rocky-linux/velocity?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / velocity
Package
- Name
- velocity
- Purl
- pkg:rpm/rocky-linux/velocity?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xalan-j2
Package
- Name
- xalan-j2
- Purl
- pkg:rpm/rocky-linux/xalan-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xalan-j2
Package
- Name
- xalan-j2
- Purl
- pkg:rpm/rocky-linux/xalan-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xerces-j2
Package
- Name
- xerces-j2
- Purl
- pkg:rpm/rocky-linux/xerces-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xerces-j2
Package
- Name
- xerces-j2
- Purl
- pkg:rpm/rocky-linux/xerces-j2?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-apis
Package
- Name
- xml-commons-apis
- Purl
- pkg:rpm/rocky-linux/xml-commons-apis?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-apis
Package
- Name
- xml-commons-apis
- Purl
- pkg:rpm/rocky-linux/xml-commons-apis?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-apis
Package
- Name
- xml-commons-apis
- Purl
- pkg:rpm/rocky-linux/xml-commons-apis?distro=rocky-linux-8-4-legacy&epoch=0
Rocky Linux:8 / xml-commons-resolver
Package
- Name
- xml-commons-resolver
- Purl
- pkg:rpm/rocky-linux/xml-commons-resolver?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xml-commons-resolver
Package
- Name
- xml-commons-resolver
- Purl
- pkg:rpm/rocky-linux/xml-commons-resolver?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xmlstreambuffer
Package
- Name
- xmlstreambuffer
- Purl
- pkg:rpm/rocky-linux/xmlstreambuffer?distro=rocky-linux-8&epoch=0
Rocky Linux:8 / xsom
Package
- Name
- xsom
- Purl
- pkg:rpm/rocky-linux/xsom?distro=rocky-linux-8&epoch=0