RHBA-2009:1310 - Bug Fix Advisory

Topic

An updated esc package that fixes various bugs is now available.

Description

The esc package contains the "Smart Card Manager" GUI tool, which allows
the user to manage security smart cards. The primary function of the tool
is to enroll smart cards, so that they can be used for common cryptographic
operations, such as secure email and website access.

This updated package fixes the following bugs:

• If a smart card were inserted when the esc daemon was already running

then there could be odd behaviors when the ESC GUI was opened. For example,
if the smart card was blank, then the Phone Home configuration dialog would
not open. When the smart card was removed, then esc could crash. (Bug
496410)

• If a user attempted to re-enroll a formatted token when the RE_ENROLL

value was set to NO, then the ESC wrongly gave an error that the token was
suspended, not that re-enrollment wasn't allowed. This message has been
corrected. (Bug 494981)

This update also includes enhancements for smart card management:

• Certificate System previously supported re-enrollment for tokens, which

allows a formatted token to be re-formatted with new certificates. This
enhancement also allows smart cards to have renewal operations, so existing
certificates can have renewed.

• This release includes enhancements to streamline the security officer

mode for ESC. Security officer mode allows designated users to perform
in-person token enrollments, as added security. This simplifies launching
the ESC GUI in security officer mode.

Users of esc are advised to upgrade to this updated package, which
resolves these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259.

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 235474 - Default esc.disable.password.prompt to no for secmode
• BZ - 236268 - ESC: get rid of the -secmode option
• BZ - 445274 - Make security officer enrollment work with Dogtag
• BZ - 493118 - Allow enrolled token to be re-enrolled with local ESC UI
• BZ - 494981 - CS 8.0 Alpha -- When Renrollment policy is set (RE_ENROLL) then the error message display erroneously specifies the card is suspended.
• BZ - 496410 - Problems launching ESC with token already plugged in

CVEs

(none)

References

(none)