- Issued:
- 2008-05-21
- Updated:
- 2008-05-21
RHEA-2008:0358 - Product Enhancement Advisory
Synopsis
audit enhancement and bug fix update
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Enhanced audit packages that fix a bug are now available.
Description
The audit package contains the user space utilities for storing and
searching the audit records generated by the audit subsystem in the Linux
2.6 kernel.
These updated audit packages add the following enhancements:
- audit has been updated to the newer 1.6.5 version.
- the system-config-audit GUI configuration tool, for easy audit
administration, has been added.
- auditd now supports group permissions on audit logs.
- audit now has a new multi-threaded event dispatcher which supports plugins.
- the "node"/"machine" field can now be added to audit events.
- the RACF zos remote-logging plugin for IBM systems has been added.
- the "week-ago" keyword has been added to aureport and ausearch.
- auditctl now supports errno abbreviations as the syscall exit code ("-F
exit=-EPERM").
- audit logging can now be resumed with SIGUSR2.
- a new utility, aulastlog, has been added.
- TTY audit support has been added.
In addition, these updated audit packages fix a buffer overflow in the
audit_log_user_command() function. Note that this issue was assigned a
Common Vulnerabilities and Exposures number, CVE-2008-1628, by the Mitre
CVE project. However, we are not treating this issue as a security
vulnerability, as it can only result in a controlled application
termination when overflow is detected by the FORTIFY_SOURCE protection
mechanism. Moreover, no application in Red Hat Enterprise Linux 5.1 uses
this vulnerable interface.
Users of audit are advised to upgrade to these updated packages, which add
these enhancements and resolve this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 244349 - TTY audit support
- BZ - 435329 - [RHEL5.2] audit tests cause oom-kills
- BZ - 435947 - system-config-audit does not run
- BZ - 438844 - buffer overflow in audit_log_user_command
- BZ - 442556 - audit rules with >= get corrupted
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
audit-1.6.5-9.el5.src.rpm | SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38 |
x86_64 | |
audispd-plugins-1.6.5-9.el5.x86_64.rpm | SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2 |
audit-1.6.5-9.el5.x86_64.rpm | SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-1.6.5-9.el5.x86_64.rpm | SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317 |
audit-libs-devel-1.6.5-9.el5.i386.rpm | SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f |
audit-libs-devel-1.6.5-9.el5.x86_64.rpm | SHA-256: cde752fb169017fdb2d0eda6d83308c40fc0bb6c81d27a88b73d49265a3df30b |
audit-libs-python-1.6.5-9.el5.x86_64.rpm | SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594 |
system-config-audit-0.4.5-8.el5.x86_64.rpm | SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91 |
ia64 | |
audispd-plugins-1.6.5-9.el5.ia64.rpm | SHA-256: fe84a904548ad10fcf7ed093902ecb1f2fb5575622654af1b1da3c93e8a3be51 |
audit-1.6.5-9.el5.ia64.rpm | SHA-256: b25e4fc150ccd4d76f3c6ff4bb7403d6d4c473aecf1932094143b7431d382447 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-1.6.5-9.el5.ia64.rpm | SHA-256: c703d51500ec16661435861f44a63b7fcfe44a9cb8e9de899b744ebf4420e365 |
audit-libs-devel-1.6.5-9.el5.ia64.rpm | SHA-256: 295412fd73425b96208afa5b7a54e79ced29d2fa461cc616b7784903fd77af86 |
audit-libs-python-1.6.5-9.el5.ia64.rpm | SHA-256: 951f8fb167adada6071fa6fadc3c8df6dab9f00d005513cebbd9a5cf59e495e2 |
system-config-audit-0.4.5-8.el5.ia64.rpm | SHA-256: d65beb93d99078609fa125b0e54a3e406295b1ff25c636a9feb119b12b6a7add |
i386 | |
audispd-plugins-1.6.5-9.el5.i386.rpm | SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53 |
audit-1.6.5-9.el5.i386.rpm | SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-devel-1.6.5-9.el5.i386.rpm | SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f |
audit-libs-python-1.6.5-9.el5.i386.rpm | SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405 |
system-config-audit-0.4.5-8.el5.i386.rpm | SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
audit-1.6.5-9.el5.src.rpm | SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38 |
x86_64 | |
audispd-plugins-1.6.5-9.el5.x86_64.rpm | SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2 |
audit-1.6.5-9.el5.x86_64.rpm | SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-1.6.5-9.el5.x86_64.rpm | SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317 |
audit-libs-devel-1.6.5-9.el5.i386.rpm | SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f |
audit-libs-devel-1.6.5-9.el5.x86_64.rpm | SHA-256: cde752fb169017fdb2d0eda6d83308c40fc0bb6c81d27a88b73d49265a3df30b |
audit-libs-python-1.6.5-9.el5.x86_64.rpm | SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594 |
system-config-audit-0.4.5-8.el5.x86_64.rpm | SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91 |
i386 | |
audispd-plugins-1.6.5-9.el5.i386.rpm | SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53 |
audit-1.6.5-9.el5.i386.rpm | SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-devel-1.6.5-9.el5.i386.rpm | SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f |
audit-libs-python-1.6.5-9.el5.i386.rpm | SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405 |
system-config-audit-0.4.5-8.el5.i386.rpm | SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
audit-1.6.5-9.el5.src.rpm | SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38 |
x86_64 | |
audispd-plugins-1.6.5-9.el5.x86_64.rpm | SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2 |
audit-1.6.5-9.el5.x86_64.rpm | SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-1.6.5-9.el5.x86_64.rpm | SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317 |
audit-libs-python-1.6.5-9.el5.x86_64.rpm | SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594 |
system-config-audit-0.4.5-8.el5.x86_64.rpm | SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91 |
i386 | |
audispd-plugins-1.6.5-9.el5.i386.rpm | SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53 |
audit-1.6.5-9.el5.i386.rpm | SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-python-1.6.5-9.el5.i386.rpm | SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405 |
system-config-audit-0.4.5-8.el5.i386.rpm | SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
audit-1.6.5-9.el5.src.rpm | SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38 |
s390x | |
audispd-plugins-1.6.5-9.el5.s390x.rpm | SHA-256: 639e245edd3b0ca0c451eacdd9f0776213cfe41c8faf7df1e8673e41769b3759 |
audit-1.6.5-9.el5.s390x.rpm | SHA-256: b2a20dcec2cd1491d8b82867f97a02dfca7af35b1c480b1d6c3e32c0afca3a8e |
audit-libs-1.6.5-9.el5.s390.rpm | SHA-256: f80b2a6482c21e5d973ddb4a1055178876f3dad5da166e5262694b65d6cfb21a |
audit-libs-1.6.5-9.el5.s390x.rpm | SHA-256: 9d5f90f3a775050a3d379c509478f19b475a4cf1309d3255ebdbf000a509b26b |
audit-libs-devel-1.6.5-9.el5.s390.rpm | SHA-256: 9c122b3496a83b3831df6d70b69d9349996a41dcb593cc889b5e0d12d240336b |
audit-libs-devel-1.6.5-9.el5.s390x.rpm | SHA-256: f66b95bd08959f960411de01e0ce3592d81df8636b4e6adb7366304baf4a1de6 |
audit-libs-python-1.6.5-9.el5.s390x.rpm | SHA-256: 246e0b943734db2a708e6c32f1fb585f848930a4630d117435c3e33f662fdbba |
system-config-audit-0.4.5-8.el5.s390x.rpm | SHA-256: 862f5f9c3f41d1dc152131bb18fac1a405862833650927cf9a982f6949f6ef68 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
audit-1.6.5-9.el5.src.rpm | SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38 |
ppc | |
audispd-plugins-1.6.5-9.el5.ppc.rpm | SHA-256: 5ff885c1ba39c9240b48b1cc79b5fad0535a88108facc69a8caef5a26aea5574 |
audit-1.6.5-9.el5.ppc.rpm | SHA-256: 8713deb8875db4d25dee891a60eea09c2b93035839481f3fe42d0adb02530041 |
audit-libs-1.6.5-9.el5.ppc.rpm | SHA-256: 1568ce51e6e960826bc483d91d23e530a3c7b3c0d4b35d0663f6bb57716cc073 |
audit-libs-1.6.5-9.el5.ppc64.rpm | SHA-256: a5447b72189a9f4fe098ec1f73d4d2b8f3a73b7891685d3a7cb78dc399cabe01 |
audit-libs-devel-1.6.5-9.el5.ppc.rpm | SHA-256: ff9d9fe84e00282d44fef5ca1b7786bffd0776df7f08e7881d5cf323643eafeb |
audit-libs-devel-1.6.5-9.el5.ppc64.rpm | SHA-256: a2195ab74ebccbd382db318511b0bf57cffbe38ec7d484ed5fc528b1c17cbe14 |
audit-libs-python-1.6.5-9.el5.ppc.rpm | SHA-256: 7ff0bd5a53e396424173f4090b717383e11cb80ede4a0766eb0fa0d4c385ebaf |
system-config-audit-0.4.5-8.el5.ppc.rpm | SHA-256: e482a0e040bba5d0589b02e810c67ed0b2b3921419ca8c69c7ad67a8f02e88a9 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
audit-1.6.5-9.el5.src.rpm | SHA-256: 307805709c30215edf0a7a53fd0966924d5c7e062c648fae2bfd94f42bd46a38 |
x86_64 | |
audispd-plugins-1.6.5-9.el5.x86_64.rpm | SHA-256: c8f7aed49b68fbd38ec1fbc6829e82a555da0a27eb264a179a74f68aa7ed2ff2 |
audit-1.6.5-9.el5.x86_64.rpm | SHA-256: f29334cb751b073dd29cb04dfa73d45c54469ab008b2523afff0068b7128cf12 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-1.6.5-9.el5.x86_64.rpm | SHA-256: d2c5488df855e04069e0ecce92e950365ba9aff3a5fa3743fa088a0fad26e317 |
audit-libs-devel-1.6.5-9.el5.i386.rpm | SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f |
audit-libs-devel-1.6.5-9.el5.x86_64.rpm | SHA-256: cde752fb169017fdb2d0eda6d83308c40fc0bb6c81d27a88b73d49265a3df30b |
audit-libs-python-1.6.5-9.el5.x86_64.rpm | SHA-256: 8efce0111f697055dbf211af074a67f02035b45fa21fd28d269f5e8c20145594 |
system-config-audit-0.4.5-8.el5.x86_64.rpm | SHA-256: 31f7119d3a13bc426c13321783d2c1d79d771e98059ea0243138c401ce52ed91 |
i386 | |
audispd-plugins-1.6.5-9.el5.i386.rpm | SHA-256: bf079967a35504a948f8eda546965f8c073098a308e1368e38cc4d79a0164d53 |
audit-1.6.5-9.el5.i386.rpm | SHA-256: f6543a6a85db55daf217d54b4a3ad3a056b0bd20141151e44c0fc49770f079a2 |
audit-libs-1.6.5-9.el5.i386.rpm | SHA-256: d16e576ac6d34c00d24b33183bb08128f07a175adab80a12a5f1a2c9198cd69f |
audit-libs-devel-1.6.5-9.el5.i386.rpm | SHA-256: 1309295c302bb7a66dc9182357b706ef9d7ee23c9714b1d59c9bd9bac23ef78f |
audit-libs-python-1.6.5-9.el5.i386.rpm | SHA-256: 06dda1af9df4a6d63d0c70b7ed09e8f7c6e422b3f1d4f289f821e31ae8da3405 |
system-config-audit-0.4.5-8.el5.i386.rpm | SHA-256: 304416272c280c9bc2a769ebfeb9edd00219a01537bc7a2ec43b382b0e29e7ce |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.