Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2021-4213) ELSA-2022-1851: pki-core:10.6 security and bug fix update

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/17/2022
Created: 05/20/2022
Added: 05/18/2022
Modified: 05/18/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-1851:

jss

[4.9.3-1]
- Rebase to JSS 4.9.3
- Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8]

[4.9.2-1]
- Rebase to JSS 4.9.2

ldapjdk

[4.23.0-1]
- Rebase to LDAP SDK 4.23.0

[4.23.0-0.1]
- Rebase to LDAP SDK 4.23.0-alpha1

pki-core

[10.12.0-2.0.1]
- Remove upstream reference.

[10.12.0-2]
- Bug 2027470 - pki-healthcheck ClonesConnectivyAndDataCheck fails

[10.12.0-0.1]
- Rebase to PKI 10.12.0
- Bug 1904112 - pki fails to start if empty dir /var/lib/pki/pki-tomcat/kra exists
- Bug 1984455 - [RFE] Date Format on the TPS Agent Page
- Bug 1980378 - 'keyctl_search: Required key not available' message when running 'ipa-healthcheck'
- Bug 2004084 - Reinstall of the same ipa-replica fails with 'RuntimeError: CA configuration failed.'
- Bug 2006070 - Upgrades incorrectly add secret attribute to connectors

Solution(s)

  • oracle-linux-upgrade-jss
  • oracle-linux-upgrade-jss-javadoc
  • oracle-linux-upgrade-ldapjdk
  • oracle-linux-upgrade-ldapjdk-javadoc
  • oracle-linux-upgrade-pki-acme
  • oracle-linux-upgrade-pki-base
  • oracle-linux-upgrade-pki-base-java
  • oracle-linux-upgrade-pki-ca
  • oracle-linux-upgrade-pki-core
  • oracle-linux-upgrade-pki-kra
  • oracle-linux-upgrade-pki-server
  • oracle-linux-upgrade-pki-symkey
  • oracle-linux-upgrade-pki-tools
  • oracle-linux-upgrade-python3-pki
  • oracle-linux-upgrade-tomcatjss
