-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0985
        pki-core, redhat-pki-theme and certificate system security
                            and bug fix update
                               23 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           pki-core
                   redhat-pki-theme
                   Certificate System
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Cross-site Scripting -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1696 CVE-2019-10180 CVE-2019-10178

Reference:         ASB-2020.0221

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0947
   https://access.redhat.com/errata/RHSA-2021:0948

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pki-core and redhat-pki-theme security and bug fix update
Advisory ID:       RHSA-2021:0947-01
Product:           Red Hat Certificate System
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0947
Issue date:        2021-03-22
CVE Names:         CVE-2019-10178 CVE-2019-10180 CVE-2020-1696 
=====================================================================

1. Summary:

An update for pki-core and redhat-pki-theme is now available for Red Hat
Certificate System 9.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7 - noarch, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity
tab (CVE-2019-10178)

* pki-core: unsanitized token parameters in TPS resulting in stored XSS
(CVE-2019-10180)

* pki-core: Stored XSS in TPS profile creation (CVE-2020-1696)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* TPS - Add logging to tdbAddCertificatesForCUID if adding or searching for
cert record fails (BZ#1710978)

* TPS - Update Error Codes returned to client (CIW/ESC) to Match CS8
(BZ#1858860)

* TPS - Server side key generation is not working for Identity only tokens
  - Missing some commits (BZ#1858861)

* TPS does not check token cuid on the user registration record during PIN
reset (BZ#1858867)

* Update RHCS version of CA, KRA, OCSP, and TKS so that it can be
identified using a browser [RHCS 9.7.z BU 2] (BZ#1895104)

* Update RHCS version of CA, KRA, OCSP, and TKS so that it can be
identified using a browser [RHCS 9.7.z BU 4] (BZ#1914474)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1719042 - CVE-2019-10178 pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab
1721137 - CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS
1780707 - CVE-2020-1696 pki-core: Stored XSS in TPS profile creation

6. Package List:

Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7:

Source:
pki-core-10.5.18-12.el7pki.src.rpm
redhat-pki-theme-10.5.18-5.el7pki.src.rpm

noarch:
pki-ocsp-10.5.18-12.el7pki.noarch.rpm
pki-tks-10.5.18-12.el7pki.noarch.rpm
redhat-pki-console-theme-10.5.18-5.el7pki.noarch.rpm
redhat-pki-server-theme-10.5.18-5.el7pki.noarch.rpm

x86_64:
pki-core-debuginfo-10.5.18-12.el7pki.x86_64.rpm
pki-tps-10.5.18-12.el7pki.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10178
https://access.redhat.com/security/cve/CVE-2019-10180
https://access.redhat.com/security/cve/CVE-2020-1696
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Certificate System security and bug fix update
Advisory ID:       RHSA-2021:0948-01
Product:           Red Hat Certificate System
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0948
Issue date:        2021-03-22
CVE Names:         CVE-2019-10178 CVE-2019-10180 CVE-2020-1696 
=====================================================================

1. Summary:

An update for pki-console, pki-core, and redhat-pki-theme is now available
for Red Hat Certificate System 9.4 EUS.

Red Hat Certificate System 9.4 EUS is a special channel for the delivery of
Red Hat Certificate System updates. Downgrading the installed packages is
not supported. 

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Certificate System 9.4 EUS for Red Hat Enterprise Server 7 - noarch, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity
tab (CVE-2019-10178)

* pki-core: unsanitized token parameters in TPS resulting in stored XSS
(CVE-2019-10180)

* pki-core: Stored XSS in TPS profile creation (CVE-2020-1696)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
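The three CVEs listed above (here and in section 3 of RHSA-2021:0947 above)
are one bug class: client-supplied token or profile strings are accepted,
stored, and later rendered into the TPS web UI without output encoding, so
whoever views the Activity tab or profile page runs the stored payload. The
following is an added illustrative model of that class and of the fix, not
pki-tps code; the record layout, the two render functions and the sample
records are assumptions constructed for the demonstration.

```python
"""Stored XSS of the kind fixed by CVE-2019-10178 / CVE-2019-10180 /
CVE-2020-1696, as a toy model. Added example, not pki-tps code: the record
fields, the HTML template and the two render functions are illustrative."""
import html
from html.parser import HTMLParser

# Constructed activity records. The first is benign; the other two carry
# attacker-chosen token parameters that were accepted and stored verbatim.
ACTIVITY = [
    {"cuid": "4090001234567890AB", "uid": "jdoe", "msg": "enrollment succeeded"},
    {"cuid": "<script>fetch('/steal?c='+document.cookie)</script>",
     "uid": "mallory", "msg": "format failed"},
    {"cuid": "ABCD", "uid": 'x" onmouseover="alert(1)', "msg": "pin reset"},
]


def render_row_vulnerable(rec):
    """Stored values interpolated straight into markup (the pre-fix pattern)."""
    return (f'<tr><td title="{rec["uid"]}">{rec["cuid"]}</td>'
            f'<td>{rec["msg"]}</td></tr>')


def render_row_fixed(rec):
    """Encode every stored value for the HTML context it lands in. quote=True
    also neutralises '"' and "'", so attribute values cannot be broken out of."""
    def e(s):
        return html.escape(str(s), quote=True)
    return (f'<tr><td title="{e(rec["uid"])}">{e(rec["cuid"])}</td>'
            f'<td>{e(rec["msg"])}</td></tr>')


class _Collector(HTMLParser):
    """Records the tags and attribute names a browser would actually see."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)


def markup_seen(rendered: str):
    """Return (tag list, attribute-name list) of the rendered fragment."""
    p = _Collector()
    p.feed(rendered)
    p.close()
    return p.tags, p.attrs


def is_safe_render(rendered: str) -> bool:
    """A row is safe only if it parses to exactly the template's own
    structure: one <tr>, two <td>, one 'title' attribute. Anything extra came
    from data. Checking the parse tree rather than the string avoids false
    alarms such as 'onmouseover=' sitting harmlessly inside an encoded value."""
    return markup_seen(rendered) == (["tr", "td", "td"], ["title"])


if __name__ == "__main__":
    for rec in ACTIVITY:
        print(f'vulnerable safe={is_safe_render(render_row_vulnerable(rec))}  '
              f'fixed safe={is_safe_render(render_row_fixed(rec))}  uid={rec["uid"]!r}')
```

The point of the model is that the fix belongs at the output sink, not at
the input: the same stored record is rendered safely by render_row_fixed
without any change to what was stored, whereas "sanitising" on input would
have to anticipate every context the value is later written into.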

Bug Fix(es):

* Update Batch Update Information to Version 20 [RHCS 9.4.z] (BZ#1931149)

* Not able to launch pkiconsole -- RHEL 7.6.z backport request [RHCS 9.4.z]
(BZ#1931718)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1719042 - CVE-2019-10178 pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab
1721137 - CVE-2019-10180 pki-core: unsanitized token parameters in TPS resulting in stored XSS
1780707 - CVE-2020-1696 pki-core: Stored XSS in TPS profile creation

6. Package List:

Red Hat Certificate System 9.4 EUS for Red Hat Enterprise Server 7:

Source:
idm-console-framework-1.1.17-4.el7dsrv.src.rpm
pki-console-10.5.9-2.el7pki.src.rpm
pki-core-10.5.9-15.el7pki.src.rpm
redhat-pki-theme-10.5.9-5.el7pki.src.rpm

noarch:
idm-console-framework-1.1.17-4.el7dsrv.noarch.rpm
pki-console-10.5.9-2.el7pki.noarch.rpm
pki-ocsp-10.5.9-15.el7pki.noarch.rpm
pki-tks-10.5.9-15.el7pki.noarch.rpm
redhat-pki-console-theme-10.5.9-5.el7pki.noarch.rpm
redhat-pki-server-theme-10.5.9-5.el7pki.noarch.rpm

x86_64:
pki-core-debuginfo-10.5.9-15.el7pki.x86_64.rpm
pki-tps-10.5.9-15.el7pki.x86_64.rpm

Red Hat Certificate System 9.4 EUS for Red Hat Enterprise Server 7:

Source:
pki-console-10.5.9-2.el7pki.src.rpm
pki-core-10.5.9-15.el7pki.src.rpm
redhat-pki-theme-10.5.9-5.el7pki.src.rpm

noarch:
pki-console-10.5.9-2.el7pki.noarch.rpm
pki-ocsp-10.5.9-15.el7pki.noarch.rpm
pki-tks-10.5.9-15.el7pki.noarch.rpm
redhat-pki-console-theme-10.5.9-5.el7pki.noarch.rpm
redhat-pki-server-theme-10.5.9-5.el7pki.noarch.rpm

x86_64:
pki-core-debuginfo-10.5.9-15.el7pki.x86_64.rpm
pki-tps-10.5.9-15.el7pki.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
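A practical check against the two package lists above (section 6 of
RHSA-2021:0947 for Certificate System 9.7 and of RHSA-2021:0948 for 9.4
EUS) is to compare what rpm reports as installed with the fixed
version-release strings, using rpm's own ordering rules rather than a
string comparison (which would rank release 9 above release 15). The
following is an added example, not Red Hat or AusCERT tooling. The fixed
versions are copied from the lists above; the host output is a constructed
sample; epochs and the '^' separator are assumed not to occur and are not
handled.

```python
"""Compare installed Red Hat Certificate System packages with the fixed
version-release strings from RHSA-2021:0947 (9.7) and RHSA-2021:0948 (9.4 EUS).
Added example, not Red Hat or AusCERT tooling. rpmvercmp below follows rpm's
segment rules (digit runs numeric, letter runs lexical, digits beat letters,
'~' sorts lowest); epochs and '^' are assumed absent and not handled."""
import re
import shutil
import subprocess

# Fixed version-release strings, copied from section 6 of each advisory.
FIXED = {
    "9.7": {
        "pki-tps": "10.5.18-12.el7pki",
        "pki-tks": "10.5.18-12.el7pki",
        "pki-ocsp": "10.5.18-12.el7pki",
        "redhat-pki-server-theme": "10.5.18-5.el7pki",
        "redhat-pki-console-theme": "10.5.18-5.el7pki",
    },
    "9.4 EUS": {
        "pki-tps": "10.5.9-15.el7pki",
        "pki-tks": "10.5.9-15.el7pki",
        "pki-ocsp": "10.5.9-15.el7pki",
        "pki-console": "10.5.9-2.el7pki",
        "redhat-pki-server-theme": "10.5.9-5.el7pki",
        "redhat-pki-console-theme": "10.5.9-5.el7pki",
    },
}

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")
_ARCH = re.compile(r"\.(noarch|x86_64|i686|src)$")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 for a < b, a == b, a > b using rpm segment rules."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    while sa or sb:
        x = sa.pop(0) if sa else None
        y = sb.pop(0) if sb else None
        if x == "~" or y == "~":          # tilde sorts below even end-of-string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:                     # a ran out first: b is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():    # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0") or "0", y.lstrip("0") or "0"
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0


def vr_cmp(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, release breaks ties."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nvr(nvr: str):
    """'pki-tps-10.5.18-12.el7pki.x86_64' -> ('pki-tps', '10.5.18-12.el7pki')."""
    head, _, release = _ARCH.sub("", nvr).rpartition("-")
    name, _, version = head.rpartition("-")
    return name, f"{version}-{release}"


def audit(installed_nvrs, channel: str):
    """Map each advisory-relevant installed package to True (fixed) or False."""
    fixed = FIXED[channel]
    status = {}
    for nvr in installed_nvrs:
        name, vr = parse_nvr(nvr)
        if name in fixed:
            status[name] = vr_cmp(vr, fixed[name]) >= 0
    return status


def installed_from_rpm(names):
    """Query rpm on a real host; returns [] when rpm is absent so the demo runs offline."""
    if shutil.which("rpm") is None:
        return []
    out = subprocess.run(["rpm", "-q", *names], capture_output=True, text=True).stdout
    return [line for line in out.splitlines() if "is not installed" not in line]


# Constructed sample of 'rpm -q' output from a partly patched 9.7 host.
SAMPLE_HOST = [
    "pki-tps-10.5.18-11.el7pki.x86_64",
    "pki-tks-10.5.18-12.el7pki.noarch",
    "redhat-pki-server-theme-10.5.18-5.el7pki.noarch",
]

if __name__ == "__main__":
    live = installed_from_rpm(sorted(FIXED["9.7"]))
    for name, ok in audit(live or SAMPLE_HOST, "9.7").items():
        print(f"{name:28s} {'fixed' if ok else 'STILL VULNERABLE'}")
```

Run on the Certificate System host itself so that rpm -q reflects the real
inventory; pass "9.4 EUS" instead of "9.7" on an EUS system. Version
comparison only tells you the package is new enough; that the package is
genuine is a separate check, done with rpm -K on the downloaded .rpm files
after importing the Red Hat key linked above.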

7. References:

https://access.redhat.com/security/cve/CVE-2019-10178
https://access.redhat.com/security/cve/CVE-2019-10180
https://access.redhat.com/security/cve/CVE-2020-1696
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----