Synopsis: Moderate: pki-core security update Advisory ID: SLSA-2017:2335-1 Issue Date: 2017-08-01 CVE Numbers: CVE-2017-7537 -- Security Fix(es): * It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. (CVE-2017-7537) -- SL7 x86_64 pki-core-debuginfo-10.4.1-11.el7.x86_64.rpm pki-symkey-10.4.1-11.el7.x86_64.rpm pki-tools-10.4.1-11.el7.x86_64.rpm noarch pki-base-10.4.1-11.el7.noarch.rpm pki-base-java-10.4.1-11.el7.noarch.rpm pki-ca-10.4.1-11.el7.noarch.rpm pki-javadoc-10.4.1-11.el7.noarch.rpm pki-kra-10.4.1-11.el7.noarch.rpm pki-server-10.4.1-11.el7.noarch.rpm - Scientific Linux Development Team