Updated jss packages fix security vulnerability
Publication date: 05 Jan 2020Modification date: 05 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14823
Description
Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle (CVE-2019-14823).
References
SRPMS
7/core
- jss-4.6.2-1.mga7