- Issued:
- 2014-10-13
- Updated:
- 2014-10-13
RHBA-2014:1512 - Bug Fix Advisory
Synopsis
certmonger bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated certmonger packages that fix several bugs and add various enhancements
are now available for Red Hat Enterprise Linux 6.
Description
The certmonger service monitors certificates, warning of their impending
expiration, and optionally attempting to re-enroll with supported
Certificate Authorities (CA).
The certmonger packages have been upgraded to upstream version 0.75.13, which
provides a number of bug fixes and enhancements over the previous version
including:
- support for retrieving an IPA server's root certificate and optionally
storing it to specified locations
- improvements in how the certmonger daemon handles disconnection from
the system message bus
- improvements in how the certmonger daemon runs enrollment helpers and parses
results returned by them
- fixed bug causing unexpected termination if an attempt to save a certificate
failed
- fixed incorrect use of the libdbus library that triggered the _dbus_abort()
function
- fixed segmentation fault with incorrectly structured entries in the
/var/lib/certmonger/cas/ directory
(BZ#1098208, BZ#948993, BZ#1032760, BZ#1103090, BZ#1115831)
This update also fixes the following bugs:
- This update fixes the implementation of the remove_known_ca dbus call in the
certmonger package to prevent the certmonger daemon from terminating
unexpectedly when called by remove_known_ca. (BZ#1125342)
In addition, this update adds the following enhancements:
- This update adds the certmonger_selinux manual page to document the effect
that
SELinux has in limiting the allowed access to locations for the certmonger
daemon. Also, the selinux.txt document has been added to the certmonger
package to provide more details about interaction with SELinux. A reference to
certmonger_selinux and selinux.txt has been added to other certmonger man pages.
(BZ#1027265)
Users of certmonger are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6 x86_64
Fixes
- BZ - 948993 - certmonger failing after IPA uninstall and reinstall
- BZ - 1027265 - Certmonger man pages need a note about SELinux
- BZ - 1032760 - Certmonger crashes when trying to decode certificate with invalid data in header
- BZ - 1098208 - Rebase certmonger to include the ability to add IPA CA cert to NSS database (and files)
- BZ - 1103090 - certmonger coredumps -- dbus related
- BZ - 1118468 - [RFE] Add the ability to poll on FETCH_ROOT
- BZ - 1125342 - Support remove_known_ca dbus call
- BZ - 1126985 - ipa-submit helper fails if ldap_url is not present in default.conf
- BZ - 1129537 - CA not saved to specified nss db location
- BZ - 1129696 - start-tracking does not saves the CA cert to specified file location
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
x86_64 | |
certmonger-0.75.13-1.el6.x86_64.rpm | SHA-256: 4a0e728e88657770ee55f03071575d89d0786f42728e051c942fb8026cedeb72 |
certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm | SHA-256: 58a72373e9a26dbbeebf205dd1ddbe0818f27be3d0c23a562ccbe2d9b6e64316 |
i386 | |
certmonger-0.75.13-1.el6.i686.rpm | SHA-256: c406a811f7dfeb36b1c5ddc03cda95cb4293320532529ea6504df35eb3029303 |
certmonger-debuginfo-0.75.13-1.el6.i686.rpm | SHA-256: 108d2e26fdf1cd145af0bfc02b82473ec07f40e429866e72e722dfcc3ff7db38 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
x86_64 | |
certmonger-0.75.13-1.el6.x86_64.rpm | SHA-256: 4a0e728e88657770ee55f03071575d89d0786f42728e051c942fb8026cedeb72 |
certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm | SHA-256: 58a72373e9a26dbbeebf205dd1ddbe0818f27be3d0c23a562ccbe2d9b6e64316 |
i386 | |
certmonger-0.75.13-1.el6.i686.rpm | SHA-256: c406a811f7dfeb36b1c5ddc03cda95cb4293320532529ea6504df35eb3029303 |
certmonger-debuginfo-0.75.13-1.el6.i686.rpm | SHA-256: 108d2e26fdf1cd145af0bfc02b82473ec07f40e429866e72e722dfcc3ff7db38 |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
x86_64 | |
certmonger-0.75.13-1.el6.x86_64.rpm | SHA-256: 4a0e728e88657770ee55f03071575d89d0786f42728e051c942fb8026cedeb72 |
certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm | SHA-256: 58a72373e9a26dbbeebf205dd1ddbe0818f27be3d0c23a562ccbe2d9b6e64316 |
i386 | |
certmonger-0.75.13-1.el6.i686.rpm | SHA-256: c406a811f7dfeb36b1c5ddc03cda95cb4293320532529ea6504df35eb3029303 |
certmonger-debuginfo-0.75.13-1.el6.i686.rpm | SHA-256: 108d2e26fdf1cd145af0bfc02b82473ec07f40e429866e72e722dfcc3ff7db38 |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
x86_64 | |
certmonger-0.75.13-1.el6.x86_64.rpm | SHA-256: 4a0e728e88657770ee55f03071575d89d0786f42728e051c942fb8026cedeb72 |
certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm | SHA-256: 58a72373e9a26dbbeebf205dd1ddbe0818f27be3d0c23a562ccbe2d9b6e64316 |
i386 | |
certmonger-0.75.13-1.el6.i686.rpm | SHA-256: c406a811f7dfeb36b1c5ddc03cda95cb4293320532529ea6504df35eb3029303 |
certmonger-debuginfo-0.75.13-1.el6.i686.rpm | SHA-256: 108d2e26fdf1cd145af0bfc02b82473ec07f40e429866e72e722dfcc3ff7db38 |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
s390x | |
certmonger-0.75.13-1.el6.s390x.rpm | SHA-256: 6befea78224c577e3f9915bb64eb2ed85b3a0b34fa8d66772dcbb31c46e11f71 |
certmonger-debuginfo-0.75.13-1.el6.s390x.rpm | SHA-256: d3cbe6cb76a9a830c7a75d5acf641df7f0f0318157d3f4eca161906c0aa61821 |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
ppc64 | |
certmonger-0.75.13-1.el6.ppc64.rpm | SHA-256: 50207d6081f7a963cb29fc2ec1e0fd548d9e8650ee8994170fe473c6676092ba |
certmonger-debuginfo-0.75.13-1.el6.ppc64.rpm | SHA-256: 479f8d4df69599ecf10a908538d1d66e3f1ceb7124dac42e19f6b166a212b05c |
Red Hat Enterprise Linux for Scientific Computing 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
x86_64 | |
certmonger-0.75.13-1.el6.x86_64.rpm | SHA-256: 4a0e728e88657770ee55f03071575d89d0786f42728e051c942fb8026cedeb72 |
certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm | SHA-256: 58a72373e9a26dbbeebf205dd1ddbe0818f27be3d0c23a562ccbe2d9b6e64316 |
Red Hat Enterprise Linux Server from RHUI 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
x86_64 | |
certmonger-0.75.13-1.el6.x86_64.rpm | SHA-256: 4a0e728e88657770ee55f03071575d89d0786f42728e051c942fb8026cedeb72 |
certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm | SHA-256: 58a72373e9a26dbbeebf205dd1ddbe0818f27be3d0c23a562ccbe2d9b6e64316 |
i386 | |
certmonger-0.75.13-1.el6.i686.rpm | SHA-256: c406a811f7dfeb36b1c5ddc03cda95cb4293320532529ea6504df35eb3029303 |
certmonger-debuginfo-0.75.13-1.el6.i686.rpm | SHA-256: 108d2e26fdf1cd145af0bfc02b82473ec07f40e429866e72e722dfcc3ff7db38 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
s390x | |
certmonger-0.75.13-1.el6.s390x.rpm | SHA-256: 6befea78224c577e3f9915bb64eb2ed85b3a0b34fa8d66772dcbb31c46e11f71 |
certmonger-debuginfo-0.75.13-1.el6.s390x.rpm | SHA-256: d3cbe6cb76a9a830c7a75d5acf641df7f0f0318157d3f4eca161906c0aa61821 |
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6
SRPM | |
---|---|
certmonger-0.75.13-1.el6.src.rpm | SHA-256: 2a956b9747cf2dc5b61d9743ddb5a234c2af2daf5da7db0b7c8d3421bd8e954b |
x86_64 | |
certmonger-0.75.13-1.el6.x86_64.rpm | SHA-256: 4a0e728e88657770ee55f03071575d89d0786f42728e051c942fb8026cedeb72 |
certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm | SHA-256: 58a72373e9a26dbbeebf205dd1ddbe0818f27be3d0c23a562ccbe2d9b6e64316 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.