RHBA-2020:4536 - Bug Fix Advisory

Topic

An update for crypto-policies is now available for Red Hat Enterprise Linux
8.

Description

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
• Red Hat Enterprise Linux Server - AUS 8.6 x86_64
• Red Hat Enterprise Linux Server - AUS 8.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.8 x86_64
• Red Hat Enterprise Linux Server - TUS 8.6 x86_64
• Red Hat Enterprise Linux Server - TUS 8.4 x86_64
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

• BZ - 1784473 - fips-mode-setup breaks the Grub default value handling
• BZ - 1790791 - update-crypto-policies manual is confusing about /etc/crypto-policies/local.d directory
• BZ - 1801849 - LEGACY policy prefers weaker algorithms preventing ssh authentication using RSA keys to FIPS server
• BZ - 1804281 - Enable FIPS mode during crypto-policies installation when kernel is in FIPS mode
• BZ - 1813064 - Update OSPP settings
• BZ - 1816253 - Weak GSSAPI key exchange methods enabled by default [crypto-policies]
• BZ - 1829669 - Document how to install an arbitrary pre-generated policy in RHEL 8.2 and above
• BZ - 1829914 - Typo in fips-mode-setup(8) manpage
• BZ - 1832743 - Move update-crypto-policies and fips-mode-setup to a subpackage pulled via "Recommends" from the base package
• BZ - 1841943 - Man page for update-crypto-policies is incorrect with regards to Openjdk
• BZ - 1842850 - gnutls_set_default_priority() fails with a non-existing /etc/crypto-policies/back-ends/gnutls.config
• BZ - 1847989 - typos in update-crypto-policies man page
• BZ - 1851458 - add AD-SUPPORT policy module to allow IPA and Samba to enable RC4 cipher

CVEs

(none)

References

• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index