{"id":"RHSA-2024:3061","summary":"Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security update","modified":"2026-03-28T10:03:50Z","published":"2024-09-13T15:48:09Z","upstream":["CVE-2020-36518"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3061"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHEL-12764"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHEL-12765"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHEL-16724"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHEL-19140"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/RHEL-22445"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3061.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-36518"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2020-36518"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2"}],"affected":[{"package":{"name":"apache-commons-collections","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/apache-commons-collections"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.2-10.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"apache-commons-lang","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/apache-commons-lang"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.6-21.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"apache-commons-net","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/apache-commons-net"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.6-3.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"bea-stax","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/bea-stax"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-16.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"bea-stax-api","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/bea-stax-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-16.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"fasterxml-oss-parent","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/fasterxml-oss-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:49-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"glassfish-fastinfoset","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-fastinfoset"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.13-9.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-12.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-api","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.12-8.module+el8.10.0+21035+a01f6469"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-core","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-12.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-runtime","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-runtime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-12.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"glassfish-jaxb-txw2","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/glassfish-jaxb-txw2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.11-12.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-annotations","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-bom","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-bom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-core","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-databind","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-databind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-jaxrs-json-provider","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-jaxrs-json-provider"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-jaxrs-providers","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-jaxrs-providers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-module-jaxb-annotations","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-module-jaxb-annotations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-2.module+el8.10.0+21055+7d27fa3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-modules-base","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-modules-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14.2-2.module+el8.10.0+21055+7d27fa3b"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jackson-parent","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jackson-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.14-1.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"jakarta-commons-httpclient","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/jakarta-commons-httpclient"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.1-28.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"javassist","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/javassist"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.18.1-8.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"javassist-javadoc","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/javassist-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.18.1-8.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"pki-servlet-engine","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/pki-servlet-engine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.0.62-1.module+el8.10.0+21257+2b5308b5"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"relaxngDatatype","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/relaxngDatatype"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2011.1-7.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"slf4j","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/slf4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.25-4.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"slf4j-jdk14","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/slf4j-jdk14"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.25-4.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"stax-ex","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/stax-ex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.7-8.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"velocity","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/velocity"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7-24.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"xalan-j2","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xalan-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.1-38.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"xerces-j2","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xerces-j2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.11.0-34.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"xml-commons-apis","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xml-commons-apis"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.01-25.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"xml-commons-resolver","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xml-commons-resolver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2-26.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"xmlstreambuffer","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xmlstreambuffer"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.4-8.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}},{"package":{"name":"xsom","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/xsom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0-19.20110809svn.module+el8.10.0+20993+d0f024b0"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:3061.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}