Advisories » MGASA-2020-0018

Updated jss packages fix security vulnerability

Publication date: 05 Jan 2020
Modification date: 05 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14823

Description

Updated jss packages fix security vulnerability:

A flaw was found in the "Leaf and Chain" OCSP policy implementation in
JSS CryptoManager, where it implicitly trusted the root certificate of
a certificate chain. Applications using this policy may not properly
verify the chain and could be vulnerable to attacks such as Man in the
Middle (CVE-2019-14823).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25958
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14823

SRPMS

7/core

• jss-4.6.2-1.mga7