{"id":"RHSA-2019:1529","summary":"Red Hat Security Advisory: pki-deps:10.6 security update","modified":"2026-03-19T10:02:35Z","published":"2024-10-21T22:15:11Z","upstream":["CVE-2018-11784","CVE-2018-8014","CVE-2018-8034","CVE-2018-8037"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1529"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1579611"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607580"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607582"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1636512"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1529.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-8014"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-8014"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8014"},{"type":"ARTICLE","url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.89"},{"type":"ARTICLE","url":"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53"},{"type":"ARTICLE","url":"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32"},{"type":"ARTICLE","url":"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.9"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-8034"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-8034"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8034"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-8037"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-8037"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8037"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-11784"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-11784"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11784"},{"type":"ARTICLE","url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.91"},{"type":"ARTICLE","url":"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.34"},{"type":"ARTICLE","url":"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.12"}],"affected":[{"package":{"name":"apache-commons-collections","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/apache-commons-collections"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.2-10.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"apache-commons-lang","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/apache-commons-lang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.6-21.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"bea-stax","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/bea-stax"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-16.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"bea-stax-api","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/bea-stax-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-16.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"glassfish-fastinfoset","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-fastinfoset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-9.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"glassfish-jaxb","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"glassfish-jaxb-api","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.12-8.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"glassfish-jaxb-core","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"glassfish-jaxb-runtime","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-runtime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"glassfish-jaxb-txw2","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-txw2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-11.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"jackson-annotations","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.9.8-1.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"jackson-core","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.9.8-1.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"jackson-databind","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-databind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.9.8-1.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"jackson-jaxrs-json-provider","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-jaxrs-json-provider"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.9.8-1.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"jackson-jaxrs-providers","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-jaxrs-providers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.9.8-1.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"jackson-module-jaxb-annotations","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-module-jaxb-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.6-4.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"jakarta-commons-httpclient","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jakarta-commons-httpclient"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.1-28.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"javassist","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/javassist"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.18.1-8.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"javassist-javadoc","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/javassist-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.18.1-8.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"pki-servlet-4.0-api","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/pki-servlet-4.0-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.0.7-14.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"pki-servlet-container","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/pki-servlet-container"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.0.7-14.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"python-nss","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/python-nss"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"python-nss-debugsource","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/python-nss-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"python-nss-doc","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/python-nss-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"python3-nss","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/python3-nss"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"python3-nss-debuginfo","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/python3-nss-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-10.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"relaxngDatatype","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/relaxngDatatype"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2011.1-7.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"resteasy","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/resteasy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.26-3.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"slf4j","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.25-4.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"slf4j-jdk14","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/slf4j-jdk14"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.25-4.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"stax-ex","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/stax-ex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.7-8.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"velocity","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/velocity"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7-24.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"xalan-j2","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xalan-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.1-38.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"xerces-j2","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xerces-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.11.0-34.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"xml-commons-apis","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xml-commons-apis"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.01-25.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"xml-commons-resolver","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xml-commons-resolver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2-26.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"xmlstreambuffer","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xmlstreambuffer"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.4-8.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}},{"package":{"name":"xsom","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xsom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0-19.20110809svn.module+el8.0.0+3248+9d514f3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:1529.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}