Issued:
2013-02-20
Updated:
2013-02-20

RHBA-2013:0320 - Bug Fix Advisory

Synopsis

certmonger bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated certmonger packages that fix several bugs and add various enhancements
are now available for Red Hat Enterprise Linux 6.

Description

The certmonger daemon monitors certificates which have been registered with it,
and as a certificate's not-valid-after date approaches, the daemon can
optionally attempt to obtain a fresh certificate from a supported CA.

The certmonger packages have been upgraded to upstream version 0.61, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#827611)

This update also fixes the following bugs:

  • When certmonger was set up to not attempt to obtain a new certificate and the

certificate's valid remaining time crossed a configured time to live (TTL)
threshold, certmonger warned of a certificate's impending not-valid-after date.
Certmonger then immediately logged the warning again, and continued to do so
indefinitely, causing the /var/log/messages file to fill up with warnings. This
bug has been fixed and certmonger returns a warning again only when another
configured TTL threshold is crossed or the service is restarted. (BZ#810016)

  • When certmonger attempts to save a certificate to an NSS database, it

necessarily opens that database for writing. Previously, if any other process,
including any other certmonger tasks that could require access to that database,
had the database open for writing, that database could become corrupted. This
update backports changes from later versions of certmonger which change its
behavior. Now, actions that could result in database modifications are only
performed one at a time. (BZ#893611)

All users of certmonger are advised to upgrade to these updated packages which
fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 810016 - After notifying that a certificate is no longer valid, certmonger shouldn't do so again right away.

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
x86_64
certmonger-0.61-3.el6.x86_64.rpm SHA-256: 1e123cc17005e2a05adc3ef8c71c675072b690c7d7f31e5a27e8c3f7aa1cd541
certmonger-debuginfo-0.61-3.el6.x86_64.rpm SHA-256: 898688676f61aa63de9ad00984a958adf6e14ba2a0dc9239368592e04e57be74
i386
certmonger-0.61-3.el6.i686.rpm SHA-256: 3cf2927efb4b703a3f791d9dbdbe7c3a03b31b88a991f1f6bab07e18a9cf2ab3
certmonger-debuginfo-0.61-3.el6.i686.rpm SHA-256: 241b3992ce4cf5d29b8946584866406555ddc2eed8b8851a71020e6f50344487

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
x86_64
certmonger-0.61-3.el6.x86_64.rpm SHA-256: 1e123cc17005e2a05adc3ef8c71c675072b690c7d7f31e5a27e8c3f7aa1cd541
certmonger-debuginfo-0.61-3.el6.x86_64.rpm SHA-256: 898688676f61aa63de9ad00984a958adf6e14ba2a0dc9239368592e04e57be74
i386
certmonger-0.61-3.el6.i686.rpm SHA-256: 3cf2927efb4b703a3f791d9dbdbe7c3a03b31b88a991f1f6bab07e18a9cf2ab3
certmonger-debuginfo-0.61-3.el6.i686.rpm SHA-256: 241b3992ce4cf5d29b8946584866406555ddc2eed8b8851a71020e6f50344487

Red Hat Enterprise Linux Workstation 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
x86_64
certmonger-0.61-3.el6.x86_64.rpm SHA-256: 1e123cc17005e2a05adc3ef8c71c675072b690c7d7f31e5a27e8c3f7aa1cd541
certmonger-debuginfo-0.61-3.el6.x86_64.rpm SHA-256: 898688676f61aa63de9ad00984a958adf6e14ba2a0dc9239368592e04e57be74
i386
certmonger-0.61-3.el6.i686.rpm SHA-256: 3cf2927efb4b703a3f791d9dbdbe7c3a03b31b88a991f1f6bab07e18a9cf2ab3
certmonger-debuginfo-0.61-3.el6.i686.rpm SHA-256: 241b3992ce4cf5d29b8946584866406555ddc2eed8b8851a71020e6f50344487

Red Hat Enterprise Linux Desktop 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
x86_64
certmonger-0.61-3.el6.x86_64.rpm SHA-256: 1e123cc17005e2a05adc3ef8c71c675072b690c7d7f31e5a27e8c3f7aa1cd541
certmonger-debuginfo-0.61-3.el6.x86_64.rpm SHA-256: 898688676f61aa63de9ad00984a958adf6e14ba2a0dc9239368592e04e57be74
i386
certmonger-0.61-3.el6.i686.rpm SHA-256: 3cf2927efb4b703a3f791d9dbdbe7c3a03b31b88a991f1f6bab07e18a9cf2ab3
certmonger-debuginfo-0.61-3.el6.i686.rpm SHA-256: 241b3992ce4cf5d29b8946584866406555ddc2eed8b8851a71020e6f50344487

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
s390x
certmonger-0.61-3.el6.s390x.rpm SHA-256: 4f741faca8fa950f6bddb790cdd63e68db9d53ecf4920d957b85b5ed4051b8af
certmonger-debuginfo-0.61-3.el6.s390x.rpm SHA-256: ae4d0286faf92b0ba5527f595e77d235cfbf8e0a5a59e4522d7a70d2fb54ae43

Red Hat Enterprise Linux for Power, big endian 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
ppc64
certmonger-0.61-3.el6.ppc64.rpm SHA-256: 200c9bf6220940af0b72a6e1b8ba3a47ad92d7ce19cf6c770f3aef1069c3edd6
certmonger-debuginfo-0.61-3.el6.ppc64.rpm SHA-256: e7f843dee26ca4ea27f45c5e520b88e36f9804ced4f83427a67f2c9ebc527aed

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
x86_64
certmonger-0.61-3.el6.x86_64.rpm SHA-256: 1e123cc17005e2a05adc3ef8c71c675072b690c7d7f31e5a27e8c3f7aa1cd541
certmonger-debuginfo-0.61-3.el6.x86_64.rpm SHA-256: 898688676f61aa63de9ad00984a958adf6e14ba2a0dc9239368592e04e57be74

Red Hat Enterprise Linux Server from RHUI 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
x86_64
certmonger-0.61-3.el6.x86_64.rpm SHA-256: 1e123cc17005e2a05adc3ef8c71c675072b690c7d7f31e5a27e8c3f7aa1cd541
certmonger-debuginfo-0.61-3.el6.x86_64.rpm SHA-256: 898688676f61aa63de9ad00984a958adf6e14ba2a0dc9239368592e04e57be74
i386
certmonger-0.61-3.el6.i686.rpm SHA-256: 3cf2927efb4b703a3f791d9dbdbe7c3a03b31b88a991f1f6bab07e18a9cf2ab3
certmonger-debuginfo-0.61-3.el6.i686.rpm SHA-256: 241b3992ce4cf5d29b8946584866406555ddc2eed8b8851a71020e6f50344487

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
certmonger-0.61-3.el6.src.rpm SHA-256: 1a262052adc94adff9a5e303521680292154334b81d4c3c7e3fb8e660c4b54b0
s390x
certmonger-0.61-3.el6.s390x.rpm SHA-256: 4f741faca8fa950f6bddb790cdd63e68db9d53ecf4920d957b85b5ed4051b8af
certmonger-debuginfo-0.61-3.el6.s390x.rpm SHA-256: ae4d0286faf92b0ba5527f595e77d235cfbf8e0a5a59e4522d7a70d2fb54ae43

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.