{"id":"MGASA-2019-0184","summary":"Updated tomcat-native packages fix security vulnerability","details":"When using an OCSP responder did not correctly handle invalid responses.\nThis allowed for revoked client certificates to be incorrectly identified.\nIt was therefore possible for users to authenticate with revoked\ncertificates when using mutual TLS (CVE-2018-8019).\n\nDid not properly check OCSP pre-produced responses. Revoked client\ncertificates may have not been properly identified, allowing for users to\nauthenticate with revoked certificates to connections that require mutual\nTLS (CVE-2018-8020).\n","modified":"2026-04-16T04:41:44.443805085Z","published":"2019-05-19T11:27:30Z","upstream":["CVE-2018-8019","CVE-2018-8020"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0184.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24755"},{"type":"WEB","url":"http://lists.suse.com/pipermail/sle-security-updates/2019-April/005314.html"}],"affected":[{"package":{"name":"tomcat-native","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/tomcat-native?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.18-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0184.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}