RHBA-2012:0833 - Bug Fix Advisory

Topic

Updated certmonger packages that fix multiple bugs and add multiple enhancements
are now available for Red Hat Enterprise Linux 6.

Description

The certmonger daemon monitors certificates which have been registered with it,
and as a certificate's not-valid-after date approaches, the daemon can
optionally attempt to obtain a fresh certificate from a supported CA.

The certmonger packages have been upgraded to upstream version 0.56,
which provides a number of bug fixes and enhancements over the
previous version. (BZ#789153)

This update fixes the following bugs:

• Prior to this update, one of the examples provided in the getting-started.txt

file did not work as expected if the daemon was prevented from accessing files
in user-specified locations, for example by the SELinux policy. With this
update, this problem is now documented in the getting-started.txt file.
(BZ#765599)

• Prior to this update, the certmonger daemon was not configured to start by

default when the package was installed. This update enables the certmonger
service by default. (BZ#765600)

• Prior to this update, the "getcert" command could under certain circumstances,

display the misleading error message "invalid option" when an option that
required an argument was used and the argument was not specified. This update
modifies the error code so that the correct message is now sent. (BZ#796542)

In addition, this update adds the following enhancement:

• Prior to this update, newly added certificates were not automatically visible.

To see these certificates, servers had to be manually restarted. This update
adds the emission of D-Bus signals over the message bus to allow applications to
perform the actions they need to use a new certificate. Also, the new "-C"
option was added to invoke a user-specified command. (BZ#766167)

All users of certmonger are advised to upgrade to these updated packages, which
fix these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 765599 - certmonger's getting-started.txt includes an example that doesn't work by default
• BZ - 766167 - RFE: provide a command/signal for certmonger to send after renewing cert
• BZ - 796542 - Incorrect error message is displayed when no argument is provided for optional switches.
• BZ - 796813 - Deadcode in tdbush.c

CVEs

(none)

References

(none)