Updated keyutils packages that fix one bug and add one enhancement are now available for Red Hat Enterprise Linux 6.
The keyutils package provides utilities to control the Linux kernel key management facility and to provide a mechanism by which the kernel calls up to user space to get a key instantiated.
- The keyutils subpackage did not contain a dependency on the keyutils-libs subpackage but rather it contained only an implicit dependency on the libkeyutils.so.[n] shared object files specified as the SONAME variable. As a consequence, the keyutils subpackage could have been updated without applying the newest keyutils libraries, which could have caused keyutils to work incorrectly. To fix this issue, the keyutils spec file has been modified to include an explicit dependency on the version of keyutils-libs that matches the keyutils subpackage. Both subpackages are now updated together.
- Previously, the keyutils subpackages were compiled without the RELRO (read-only relocations) flag. Programs provided by this package and also programs built against the keyutils libraries were thus vulnerable to various attacks based on overwriting the ELF section of a program. To increase the security of keyutils programs and libraries, the keyutils spec file has been modified to use the "-Wl,-z,relro" flags when compiling the packages. As a result, the keyutils subpackages are now provided with partial RELRO protection.
Users are advised to upgrade to these updated keyutils packages, which fix this bug and add this enhancement.