{"id":"ALSA-2022:7326","summary":"Important: pki-core security update","details":"The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.\n\nSecurity Fix(es):\n\n* pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T02:26:52.152485Z","published":"2022-11-02T00:00:00Z","related":["CVE-2022-2414"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2022:7326"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2414"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2104676"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2022-7326.html"}],"affected":[{"package":{"name":"pki-acme","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-acme"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"pki-base","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"pki-base-java","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-base-java"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"pki-ca","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-ca"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"pki-kra","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-kra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"pki-server","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"pki-symkey","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-symkey"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"pki-tools","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/pki-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}},{"package":{"name":"python3-pki","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3-pki"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.6-2.el9_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:7326.json"}}],"schema_version":"1.7.3"}