RHBA-2011:1002 - Bug Fix Advisory

Topic

An updated certmonger package that fixes multiple bugs and adds several
enhancements is now available for Red Hat Enterprise Linux 5.

Description

The certmonger package contains a service which is primarily concerned with
getting your system enrolled with a certificate authority (CA) and keeping it
enrolled.

The certmonger package has been upgraded to upstream version 0.42, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#688610)

Additionally, this update fixes the following bugs:

• Previously, when issuing a request for a certificate to an IPA server, if the

IPA server returned an error, the ipa-submit helper process terminated
unexpectedly while attempting to parse the error in order to report it. The bug
has been fixed in this update, and the error is now recorded properly.
(BZ#690892)

• Previously, if certmonger did not track any certificates, the output of the

"ipa-getcert list" command was empty. This undesired behavior has been fixed so
that after running the command, the number of the certificates tracked is now
displayed as well as any certificate entries, if they exist. (BZ#681642)

• Previously, when the service attempted to save a certificate to a certificate

database, if there was already a certificate in the database with the desired
nickname assigned to it but which had a different value in its "subject name"
field, the attempt to save the new certificate to the database failed. This bug
has been fixed in this update so that any certificates that are already in the
certificate database which have the desired nickname are now cleared out before
attempting to store a new certificate, and storing the new certificate no longer
fails. (BZ#695717)

• Previously, when a non-root user ran the "ipa-getcert" command, an unclear and

ambiguous error message about insufficient user rights to run the command was
displayed. This update improves the error message text so that it is now clear
and straightforward. (BZ#681641)

• Previously, building the certmonger package failed due to a problem with

self-tests. This problem has been resolved and does not occur anymore.
(BZ#670322)

All users requiring certmonger should upgrade to this updated package, which
fixes these bugs and adds several enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 670322 - certmonger can't be rebuild in mock
• BZ - 681641 - Unhelpful message from ipa-getcert
• BZ - 681642 - No output from ipa-getcert list

CVEs

(none)

References

(none)