/[advisories]/24755.adv
ViewVC logotype

Contents of /24755.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8574 - (show annotations) (download)
Sun May 19 10:52:32 2019 UTC (5 weeks, 3 days ago) by tmb
File size: 868 byte(s)
MGASA-2019-0184: tomcat-native-1.2.18-1.mga6
1 type: security
2 subject: Updated tomcat-native packages fix security vulnerability
3 CVE:
4 - CVE-2018-8019
5 - CVE-2018-8020
6 src:
7 6:
8 core:
9 - tomcat-native-1.2.18-1.mga6
10 description: |
11 When using an OCSP responder did not correctly handle invalid responses.
12 This allowed for revoked client certificates to be incorrectly identified.
13 It was therefore possible for users to authenticate with revoked
14 certificates when using mutual TLS (CVE-2018-8019).
15
16 Did not properly check OCSP pre-produced responses. Revoked client
17 certificates may have not been properly identified, allowing for users to
18 authenticate with revoked certificates to connections that require mutual
19 TLS (CVE-2018-8020).
20 references:
21 - https://bugs.mageia.org/show_bug.cgi?id=24755
22 - http://lists.suse.com/pipermail/sle-security-updates/2019-April/005314.html
23 ID: MGASA-2019-0184

  ViewVC Help
Powered by ViewVC 1.1.26