From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 17 Update: pki-tps-9.0.11-1.fc17
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Thursday 6th June 2013 01:41:43 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-9258
2013-05-26 02:08:23
--------------------------------------------------------------------------------

Name        : pki-tps
Product     : Fedora 17
Version     : 9.0.11
Release     : 1.fc17
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Token Processing System
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Token Processing System (TPS) is an optional PKI subsystem that acts
as a Registration Authority (RA) for authenticating and processing
enrollment requests, PIN reset requests, and formatting requests from
the Enterprise Security Client (ESC).

TPS is designed to communicate with tokens that conform to
Global Platform's Open Platform Specification.

TPS communicates over SSL with various PKI backend subsystems (including
the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
Token Key Service (TKS)) to fulfill the user's requests.

TPS also interacts with the token database, an LDAP server that stores
information about individual tokens.

For deployment purposes, a TPS requires the following components from the
PKI Core package:

  * pki-setup
  * pki-native-tools
  * pki-selinux

and can also make use of the following optional components from the
PKI CORE package:

  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the
following "Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)




==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================
${overview}

--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #923039 - (CVE-2013-1885) Certificate System: pki-tps XSS flaw
Bugzilla Bug #924870 - (CVE-2013-1886) Certificate System: pki-tps format string injection
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 24 2013 Andrew Wnuk  9.0.11-1
- Bugzilla Bug #903401 - TMS: RSA token enrollment failed : public key decode
- Bugzilla Bug #923039 - (CVE-2013-1885) Certificate System: pki-tps XSS flaw
- Bugzilla Bug #924870 - (CVE-2013-1886) Certificate System: pki-tps format string injection
* Thu Dec  6 2012 Jack Magne <[email protected]> 9.0.10-1
- Bugzilla Bug #863272 - rhcs81 tps httpd segfault on interrupted token format operations. -
- Bugzilla Bug #864607 - Empty certificate search in TPS results in httpd.worker segmentation fault then server error.
* Tue Oct 30 2012 Andrew Wnuk  9.0.9-1
- New official build
- Changes to allow tps to start correctly - (alee)
- TMS - ECC Key Recovery - ticket #252 (cfu)
- Provide default for operations transition list, related #858816 - (jmagne)
- TMS ECC infrastructure - ticket #304 (cfu)
* Wed Aug 22 2012 Ade Lee  9.0.8-1
- Added systemd scripts
* Tue Aug  7 2012 Nathan Kinder  9.0.7-4
- The API changed between httpd 2.2 and 2.4.  We now need to pass
  the module index to ap_log_error() when calling it.  The remote_ip
  member of the connection struct also was renamed to client_ip.
  (Patch for Fedora 18 only)
* Sat Jul 21 2012 Fedora Release Engineering - 9.0.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #923039 - CVE-2013-1885 Certificate System: pki-tps XSS flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=923039
  [ 2 ] Bug #924870 - CVE-2013-1886 Certificate System: pki-tps format string injection
        https://bugzilla.redhat.com/show_bug.cgi?id=924870
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-tps' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce