RHBA-2012:1119 - Bug Fix Advisory

Topic

Updated aide packages that fix three bugs are now available for Red Hat
Enterprise Linux 5.

Description

Advanced Intrusion Detection Environment (AIDE) is a program that creates a
database of files on a system, and then uses that database to ensure file
integrity and detect system intrusions.

This update fixes the following bugs:

• The help output of the aide executable did not mention the "-D" option which

is a shortcut for "--config-check". The option could only be found on the
aide(1) man page. With this update, the "-D" option is mentioned in both the
help output and on the man page. (BZ#547658)

• Previously, the aide utility incorrectly initialized the gcrypt library. This

consequently prevented aide to initialize its database if the system was running
in FIPS-compliant mode. The initialization routine has been corrected, and along
with an extension to the libgcrypt's API introduced in the RHEA-2012:0484
advisory, aide now initializes its database as expected if run in a
FIPS-compliant way. (BZ#553137)

• The compare_dbline() function returned an "int" value, even though the

function can operate with variables of size larger than "int" (for example,
DB_SELINUX, DB_XATTRS or DB_WHIRPOOL). As a consequence, aide could produce
incorrect results when checking a database for inconsistencies. The underlying
source code has been modified so that the compare_dbline() function now returns
an "unsigned long long" value, and aide correctly detects and reports database
inconsistencies. (BZ#580253)

All users of aide are advised to upgrade to these updated packages, which fix
these bugs.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 547658 - aide executable doesn't mention -D option in "aide --help" usage page
• BZ - 553137 - Aide doesn't initialize its database when FIPS is enabled
• BZ - 580253 - AIDE compare_dbline function returns int

CVEs

(none)

References

(none)