Red Hat has issued an urgent security update for the rhpki package -- the Red Hat PKI Common Framework. This update has been rated as having important security impact by the Red Hat Security Response Team.
Red Hat Certificate System (RHCS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. rhpki-common -- the Red Hat PKI Common Framework -- is required by the following four RHCS subsystems: the Red Hat Certificate Authority; the Red Hat Data Recovery Manager; the Red Hat Online Certificate Status Protocol Manager; and the Red Hat Token Key Service.
A flaw was found in the way Red Hat Certificate System handled Extensions in certificate signing requests (CSRs). All requested Extensions were added to the issued certificate even if constraints were defined in the Certificate Authority (CA) profile. An attacker could submit a CSR for a subordinate CA certificate even if the CA configuration prohibited subordinate CA certificates. This led to a bypass of the intended security policy, possibly simplifying man-in-the-middle attacks against users that trust Certificate Authorities managed by Red Hat Certificate System.
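Because the flaw let a requested basicConstraints extension reach the issued certificate, one useful check is to flag CSRs and already-issued certificates that assert CA:TRUE. The script below is an added example, not code from Red Hat or from the original post; it assumes the openssl command-line tool is installed, and the function names, file names and sample key, CSRs and certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat code): flag CSRs and certificates whose
# basicConstraints extension asserts CA:TRUE. Needs the openssl CLI.

# 0 if the PEM CSR in $1 requests basicConstraints CA:TRUE.
csr_requests_ca() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# 0 if the PEM certificate in $1 asserts basicConstraints CA:TRUE.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# Print every *.crt under directory $1 that is a CA certificate.
audit_certs() {
    for f in "$1"/*.crt; do
        [ -f "$f" ] || continue
        if cert_is_ca "$f"; then printf '%s\n' "$f"; fi
    done
}

# Constructed fixtures: one key, plus a CSR and a self-signed certificate
# for each of two profiles (subca = CA:TRUE, leaf = CA:FALSE).
make_samples() {
    d=$1
    openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
    for kind in subca:TRUE leaf:FALSE; do
        name=${kind%%:*}
        printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
            'req_extensions = ext' 'x509_extensions = ext' \
            '[dn]' 'CN = constructed.example' \
            '[ext]' "basicConstraints = critical,CA:${kind##*:}" > "$d/$name.cnf"
        openssl req -new -key "$d/key.pem" -config "$d/$name.cnf" \
            -out "$d/$name.csr"
        openssl req -new -x509 -days 1 -key "$d/key.pem" \
            -config "$d/$name.cnf" -out "$d/$name.crt"
    done
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_samples "$work"
audit_certs "$work"    # prints only the path of subca.crt
```

To review a real deployment, point audit_certs at a directory of PEM certificates exported from the CA and compare the hits against the subordinate CAs you actually authorized.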
How do I update my system?
Simply type the following command:
```
# yum update
```
Sample output:
```
Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.2 kB    00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package yelp.x86_64 0:2.16.0-19.el5 set to be updated
---> Package nspr.i386 0:4.7.1-1.el5 set to be updated
---> Package nspr.x86_64 0:4.7.1-1.el5 set to be updated
---> Package nss.i386 0:3.12.0.3-1.el5 set to be updated
---> Package nss-tools.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package nss.x86_64 0:3.12.0.3-1.el5 set to be updated
---> Package xulrunner.x86_64 0:1.9-1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package        Arch      Version           Repository              Size
=============================================================================
Updating:
 nspr           i386      4.7.1-1.el5       rhel-x86_64-server-5    119 k
 nspr           x86_64    4.7.1-1.el5       rhel-x86_64-server-5    117 k
 nss            i386      3.12.0.3-1.el5    rhel-x86_64-server-5    1.1 M
 nss            x86_64    3.12.0.3-1.el5    rhel-x86_64-server-5    1.1 M
 nss-tools      x86_64    3.12.0.3-1.el5    rhel-x86_64-server-5    2.2 M
 xulrunner      x86_64    1.9-1.el5         rhel-x86_64-server-5     10 M
 yelp           x86_64    2.16.0-19.el5     rhel-x86_64-server-5    583 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       7 Package(s)
Remove       0 Package(s)

Total download size: 16 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): xulrunner-1.9-1.el 100% |=========================|  10 MB    00:09
(2/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(3/7): nss-tools-3.12.0.3 100% |=========================| 2.2 MB    00:02
(4/7): nss-3.12.0.3-1.el5 100% |=========================| 1.1 MB    00:00
(5/7): nspr-4.7.1-1.el5.x 100% |=========================| 117 kB    00:00
(6/7): nspr-4.7.1-1.el5.i 100% |=========================| 119 kB    00:00
(7/7): yelp-2.16.0-19.el5 100% |=========================| 583 kB    00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : nspr                         ####################### [ 1/14]
  Updating  : nss                          ####################### [ 2/14]
  Updating  : xulrunner                    ####################### [ 3/14]
  Updating  : nspr                         ####################### [ 4/14]
  Updating  : yelp                         ####################### [ 5/14]
  Updating  : nss-tools                    ####################### [ 6/14]
  Updating  : nss                          ####################### [ 7/14]
warning: /etc/pki/nssdb/cert8.db created as /etc/pki/nssdb/cert8.db.rpmnew
warning: /etc/pki/nssdb/key3.db created as /etc/pki/nssdb/key3.db.rpmnew
  Cleanup   : yelp                         ####################### [ 8/14]
  Cleanup   : nspr                         ####################### [ 9/14]
  Cleanup   : nspr                         ####################### [10/14]
  Cleanup   : nss                          ####################### [11/14]
  Cleanup   : nss-tools                    ####################### [12/14]
  Cleanup   : nss                          ####################### [13/14]
  Cleanup   : xulrunner                    ####################### [14/14]

Updated: nspr.i386 0:4.7.1-1.el5 nspr.x86_64 0:4.7.1-1.el5 nss.i386 0:3.12.0.3-1.el5 nss.x86_64 0:3.12.0.3-1.el5 nss-tools.x86_64 0:3.12.0.3-1.el5 xulrunner.x86_64 0:1.9-1.el5 yelp.x86_64 0:2.16.0-19.el5
Complete!
```