type: security
subject: Updated tomcat-native packages fix security vulnerability
CVE:
  - CVE-2018-8019
  - CVE-2018-8020
src:
  6:
    core:
      - tomcat-native-1.2.18-1.mga6
description: |
  When using an OCSP responder, tomcat-native did not correctly handle invalid
  responses. This allowed for revoked client certificates to be incorrectly
  identified. It was therefore possible for users to authenticate with revoked
  certificates when using mutual TLS (CVE-2018-8019).

  tomcat-native did not properly check OCSP pre-produced responses. Revoked
  client certificates may not have been properly identified, allowing for
  users to authenticate with revoked certificates to connections that require
  mutual TLS (CVE-2018-8020).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24755
  - http://lists.suse.com/pipermail/sle-security-updates/2019-April/005314.html
ID: MGASA-2019-0184