RHBA-2010:0066 - Bug Fix Advisory

Topic

An updated esc package that fixes various bugs is now available.

Description

The esc package contains the Smart Card Manager tool, which allows users
to manage security smart cards. The primary function of the tool is to
enroll smart cards, so that they can be used for common cryptographic
operations, such as secure email and website access.

This updated esc package includes fixes for the following bugs:

• The Enterprise Security Client incorrectly identified CAC cards as

CoolKey cards and mistakenly opened the Phone Home connection dialog. With
this update, CoolKey correctly identifies CAC cards and assigns the correct
functionality to them. With this fix, it is still possible to view
certificates and diagnostics for CAC cards, though the management functions
are now disabled. RHBA-2010:9263, a CoolKey update, must also be installed
to fully resolve this issue. (BZ#467011)

• The Enterprise Security Client did not open the Phone Home connection

dialog when a blank token was inserted. (BZ#514053)

• Removing a smart card when the Enterprise Security Client was open could

cause the Enterprise Security Client to terminate abnormally. With this
update, removing smart cards should no longer cause the Enterprise Security
Client to crash. (BZ#517414)

• When creating a password for the Enterprise Security Client, using

certain characters, such as the dollar sign and exclamation point, could
cause a failure to enroll when entering the password later. This update
fixes this problem so that using such symbols when creating passwords does
not fail when attempting to enroll. (BZ#549540)

• When the Enterprise Security Client was using an external user interface

for enrollment and the UI page could not be downloaded because of a
disconnected network or similar problem, then the user could neither enroll
nor was made aware of the source of the problem. With this update, when
such a situation occurs, a descriptive error message is sent to the user.
(BZ#549542)

• Inserting a CAC card into the computer causes the Enterprise Security

Client to display an enabled "Enroll" button to the user erroneously
because all management functions should be disabled for CAC cards. With
this update, when a CAC card is entered, all management functions are
disabled, including the "Enroll" function. (BZ#553661)

All users of the Enterprise Security Client are advised to upgrade to this
updated package, which resolves these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 514053 - ESC on Rhel does not pop up home phone url configuration dialog and esc crashes.
• BZ - 517414 - un-reportable gnome bug when removing smart card
• BZ - 549540 - rhcs80 esc - cannot enroll on some passwords when using SSHA password storage scheme
• BZ - 553661 - Enroll button in ESC is active for an enrolled CAC card.

CVEs

(none)

References

(none)