Red Hat Product Errata RHEA-2008:0358 - Product Enhancement Advisory
Issued:
2008-05-21
Updated:
2008-05-21

RHEA-2008:0358 - Product Enhancement Advisory

Synopsis

audit enhancement and bug fix update

Type/Severity

Product Enhancement Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Enhanced audit packages that fix a bug are now available.

Description

The audit package contains the user space utilities for storing and
searching the audit records generated by the audit subsystem in the Linux
2.6 kernel.

These updated audit packages add the following enhancements:

  • audit has been updated to the newer 1.6.5 version.
  • the system-config-audit GUI configuration tool, for easy audit

administration, has been added.

  • auditd now supports group permissions on audit logs.
  • audit now has a new multi-threaded event dispatcher which supports plugins.
  • the "node"/"machine" field can now be added to audit events.
  • the RACF zos remote-logging plugin for IBM systems has been added.
  • the "week-ago" keyword has been added to aureport and ausearch.
  • auditctl now supports errno abbreviations as the syscall exit code ("-F

exit=-EPERM").

  • audit logging can now be resumed with SIGUSR2.
  • a new utility, aulastlog, has been added.
  • TTY audit support has been added.

In addition, these updated audit packages fix a buffer overflow in the
audit_log_user_command() function. Note that this issue was assigned a
Common Vulnerabilities and Exposures number, CVE-2008-1628, by the Mitre
CVE project. However, we are not treating this issue as a security
vulnerability, as it can only result in a controlled application
termination when overflow is detected by the FORTIFY_SOURCE protection
mechanism. Moreover, no application in Red Hat Enterprise Linux 5.1 uses
this vulnerable interface.

Users of audit are advised to upgrade to these updated packages, which add
these enhancements and resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 5

SRPM
audit-1.6.5-9.el5.src.rpm SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38
x86_64
audispd-plugins-1.6.5-9.el5.x86_64.rpm SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2
audit-1.6.5-9.el5.x86_64.rpm SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-1.6.5-9.el5.x86_64.rpm SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317
audit-libs-devel-1.6.5-9.el5.i386.rpm SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f
audit-libs-devel-1.6.5-9.el5.x86_64.rpm SHA-256: cde752fb169017fdb2d0eda6d83308c40fc0bb6c81d27a88b73d49265a3df30b
audit-libs-python-1.6.5-9.el5.x86_64.rpm SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594
system-config-audit-0.4.5-8.el5.x86_64.rpm SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91
ia64
audispd-plugins-1.6.5-9.el5.ia64.rpm SHA-256: fe84a904548ad10fcf7ed093902ecb1f2fb5575622654af1b1da3c93e8a3be51
audit-1.6.5-9.el5.ia64.rpm SHA-256: b25e4fc150ccd4d76f3c6ff4bb7403d6d4c473aecf1932094143b7431d382447
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-1.6.5-9.el5.ia64.rpm SHA-256: c703d51500ec16661435861f44a63b7fcfe44a9cb8e9de899b744ebf4420e365
audit-libs-devel-1.6.5-9.el5.ia64.rpm SHA-256: 295412fd73425b96208afa5b7a54e79ced29d2fa461cc616b7784903fd77af86
audit-libs-python-1.6.5-9.el5.ia64.rpm SHA-256: 951f8fb167adada6071fa6fadc3c8df6dab9f00d005513cebbd9a5cf59e495e2
system-config-audit-0.4.5-8.el5.ia64.rpm SHA-256: d65beb93d99078609fa125b0e54a3e406295b1ff25c636a9feb119b12b6a7add
i386
audispd-plugins-1.6.5-9.el5.i386.rpm SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53
audit-1.6.5-9.el5.i386.rpm SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-devel-1.6.5-9.el5.i386.rpm SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f
audit-libs-python-1.6.5-9.el5.i386.rpm SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405
system-config-audit-0.4.5-8.el5.i386.rpm SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce

Red Hat Enterprise Linux Workstation 5

SRPM
audit-1.6.5-9.el5.src.rpm SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38
x86_64
audispd-plugins-1.6.5-9.el5.x86_64.rpm SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2
audit-1.6.5-9.el5.x86_64.rpm SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-1.6.5-9.el5.x86_64.rpm SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317
audit-libs-devel-1.6.5-9.el5.i386.rpm SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f
audit-libs-devel-1.6.5-9.el5.x86_64.rpm SHA-256: cde752fb169017fdb2d0eda6d83308c40fc0bb6c81d27a88b73d49265a3df30b
audit-libs-python-1.6.5-9.el5.x86_64.rpm SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594
system-config-audit-0.4.5-8.el5.x86_64.rpm SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91
i386
audispd-plugins-1.6.5-9.el5.i386.rpm SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53
audit-1.6.5-9.el5.i386.rpm SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-devel-1.6.5-9.el5.i386.rpm SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f
audit-libs-python-1.6.5-9.el5.i386.rpm SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405
system-config-audit-0.4.5-8.el5.i386.rpm SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce

Red Hat Enterprise Linux Desktop 5

SRPM
audit-1.6.5-9.el5.src.rpm SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38
x86_64
audispd-plugins-1.6.5-9.el5.x86_64.rpm SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2
audit-1.6.5-9.el5.x86_64.rpm SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-1.6.5-9.el5.x86_64.rpm SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317
audit-libs-python-1.6.5-9.el5.x86_64.rpm SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594
system-config-audit-0.4.5-8.el5.x86_64.rpm SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91
i386
audispd-plugins-1.6.5-9.el5.i386.rpm SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53
audit-1.6.5-9.el5.i386.rpm SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-python-1.6.5-9.el5.i386.rpm SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405
system-config-audit-0.4.5-8.el5.i386.rpm SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
audit-1.6.5-9.el5.src.rpm SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38
s390x
audispd-plugins-1.6.5-9.el5.s390x.rpm SHA-256: 639e245edd3b0ca0c451eacdd9f0776213cfe41c8faf7df1e8673e41769b3759
audit-1.6.5-9.el5.s390x.rpm SHA-256: b2a20dcec2cd1491d8b82867f97a02dfca7af35b1c480b1d6c3e32c0afca3a8e
audit-libs-1.6.5-9.el5.s390.rpm SHA-256: f80b2a6482c21e5d973ddb4a1055178876f3dad5da166e5262694b65d6cfb21a
audit-libs-1.6.5-9.el5.s390x.rpm SHA-256: 9d5f90f3a775050a3d379c509478f19b475a4cf1309d3255ebdbf000a509b26b
audit-libs-devel-1.6.5-9.el5.s390.rpm SHA-256: 9c122b3496a83b3831df6d70b69d9349996a41dcb593cc889b5e0d12d240336b
audit-libs-devel-1.6.5-9.el5.s390x.rpm SHA-256: f66b95bd08959f960411de01e0ce3592d81df8636b4e6adb7366304baf4a1de6
audit-libs-python-1.6.5-9.el5.s390x.rpm SHA-256: 246e0b943734db2a708e6c32f1fb585f848930a4630d117435c3e33f662fdbba
system-config-audit-0.4.5-8.el5.s390x.rpm SHA-256: 862f5f9c3f41d1dc152131bb18fac1a405862833650927cf9a982f6949f6ef68

Red Hat Enterprise Linux for Power, big endian 5

SRPM
audit-1.6.5-9.el5.src.rpm SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38
ppc
audispd-plugins-1.6.5-9.el5.ppc.rpm SHA-256: 5ff885c1ba39c9240b48b1cc79b5fad0535a88108facc69a8caef5a26aea5574
audit-1.6.5-9.el5.ppc.rpm SHA-256: 8713deb8875db4d25dee891a60eea09c2b93035839481f3fe42d0adb02530041
audit-libs-1.6.5-9.el5.ppc.rpm SHA-256: 1568ce51e6e960826bc483d91d23e530a3c7b3c0d4b35d0663f6bb57716cc073
audit-libs-1.6.5-9.el5.ppc64.rpm SHA-256: a5447b72189a9f4fe098ec1f73d4d2b8f3a73b7891685d3a7cb78dc399cabe01
audit-libs-devel-1.6.5-9.el5.ppc.rpm SHA-256: ff9d9fe84e00282d44fef5ca1b7786bffd0776df7f08e7881d5cf323643eafeb
audit-libs-devel-1.6.5-9.el5.ppc64.rpm SHA-256: a2195ab74ebccbd382db318511b0bf57cffbe38ec7d484ed5fc528b1c17cbe14
audit-libs-python-1.6.5-9.el5.ppc.rpm SHA-256: 7ff0bd5a53e396424173f4090b717383e11cb80ede4a0766eb0fa0d4c385ebaf
system-config-audit-0.4.5-8.el5.ppc.rpm SHA-256: e482a0e040bba5d0589b02e810c67ed0b2b3921419ca8c69c7ad67a8f02e88a9

Red Hat Enterprise Linux Server from RHUI 5

SRPM
audit-1.6.5-9.el5.src.rpm SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38
x86_64
audispd-plugins-1.6.5-9.el5.x86_64.rpm SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2
audit-1.6.5-9.el5.x86_64.rpm SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-1.6.5-9.el5.x86_64.rpm SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317
audit-libs-devel-1.6.5-9.el5.i386.rpm SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f
audit-libs-devel-1.6.5-9.el5.x86_64.rpm SHA-256: cde752fb169017fdb2d0eda6d83308c40fc0bb6c81d27a88b73d49265a3df30b
audit-libs-python-1.6.5-9.el5.x86_64.rpm SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594
system-config-audit-0.4.5-8.el5.x86_64.rpm SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91
i386
audispd-plugins-1.6.5-9.el5.i386.rpm SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53
audit-1.6.5-9.el5.i386.rpm SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2
audit-libs-1.6.5-9.el5.i386.rpm SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f
audit-libs-devel-1.6.5-9.el5.i386.rpm SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f
audit-libs-python-1.6.5-9.el5.i386.rpm SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405
system-config-audit-0.4.5-8.el5.i386.rpm SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.