Red Hat Product Errata RHEA-2013:1626 - Product Enhancement Advisory

Issued:: 2013-11-20
Updated:: 2013-11-20

RHEA-2013:1626 - Product Enhancement Advisory

Overview
Updated Packages

Synopsis

new packages: p11-kit

Type/Severity

Product Enhancement Advisory

Topic

New p11-kit packages are now available for Red Hat Enterprise Linux 6.

Description

The p11-kit package provides a mechanism to manage PKCS#11 modules. The
p11-kit-trust subpackage includes a PKCS#11 trust module that provides
certificate anchors and black lists based on configuration files.

This enhancement update adds the p11-kit packages to Red Hat Enterprise Linux 6.
(BZ#915798)

Red Hat Enterprise Linux 6.5 provides the p11-kit package to implement
the Shared System Certificates feature. If enabled by the administrator,
it ensures system-wide trust store of static data that is used by crypto
toolkits as input for certificate trust decisions. (BZ#977886)

These new packages had several bugs fixed during testing:

Support for using the freebl3 library for the SHA1 and MD5 cryptographic hash
functions has been added even though the hashing is done in a strictly
non-cryptographic context. (BZ#983384)
All file handles opened by p11-kit are created with the O_CLOEXEC
flag, so that they are automatically closed on the execve() function and
do not leak to subprocesses. (BZ#984986)
When expanding the "$HOME" variable or the "~/" path for SUID and SGID
programs, the expand_home() function returns NULL. This change allows for
avoiding vulnerabilities that could occur if SUID or SGID programs accidentally
trusted this environment. Also, documentation concerning the fact that user
directories are not read for SUID/SGID programs has been added. (BZ#985014)
Users need to use the standard environment $TMPDIR variable for locating the
temp directory. (BZ#985017)
If a critical module fails to initialize, module initialization stops and the
user is informed about the failure. (BZ#985023)
The p11_kit_space_strlen() function returns a "0" value for empty strings.
(BZ#985416)
Arguments of the size_t variable are correctly passed to the "p11_hash_xxx"
functions. (BZ#985421)
Changes in the code ensures that the memdup() function is not called with a
zero length or NULL pointers. (BZ#985433)

All users who require the Shared System Certificates feature are advised
to install these new packages.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

BZ - 985017 - p11-kit: TEMP environment variable
BZ - 985023 - p11-kit: _p11_kit_initialize_registered_unlocked_reentrant and module load failure
BZ - 985416 - p11-kit: p11_kit_space_strlen returns wrong value for empty string
BZ - 985421 - p11-kit: type mismatch in varargs
BZ - 985433 - p11-kit: memdup inconsistent

CVEs

(none)

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
p11-kit-0.18.5-2.el6.src.rpm	SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
x86_64
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm	SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm	SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm	SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
i386
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8

Red Hat Enterprise Linux Workstation 6

SRPM
p11-kit-0.18.5-2.el6.src.rpm	SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
x86_64
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm	SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm	SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm	SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
i386
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8

Red Hat Enterprise Linux Desktop 6

SRPM
p11-kit-0.18.5-2.el6.src.rpm	SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
x86_64
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm	SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm	SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm	SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
i386
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
p11-kit-0.18.5-2.el6.src.rpm	SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
s390x
p11-kit-0.18.5-2.el6.s390.rpm	SHA-256: 79fffe2a84da8f7b526d77244b5d5a1fe6a206260de66665ef1924b68fc4571f
p11-kit-0.18.5-2.el6.s390x.rpm	SHA-256: 846f76b8cfa1e039e11b5660de4684032286f8a49d5d5576cdf4423fadf98cd2
p11-kit-debuginfo-0.18.5-2.el6.s390.rpm	SHA-256: 66b45b33e88c1edfcd71d30ab44baffac86fe2b8f33d8063d1ff9b3dfbf4778c
p11-kit-debuginfo-0.18.5-2.el6.s390.rpm	SHA-256: 66b45b33e88c1edfcd71d30ab44baffac86fe2b8f33d8063d1ff9b3dfbf4778c
p11-kit-debuginfo-0.18.5-2.el6.s390x.rpm	SHA-256: a4f9d9fad5c69263f2565768b1267ad07665825d1319ae1399791df3f8e30800
p11-kit-debuginfo-0.18.5-2.el6.s390x.rpm	SHA-256: a4f9d9fad5c69263f2565768b1267ad07665825d1319ae1399791df3f8e30800
p11-kit-devel-0.18.5-2.el6.s390.rpm	SHA-256: bc7bc3c388811190ccff61018e441e4bc31927c843c3c36d8e94dc2f4c53967b
p11-kit-devel-0.18.5-2.el6.s390x.rpm	SHA-256: cfdafababca364be6db8b688d6e68a18ffb98cca7464e2333eaac3c4a9e8a436
p11-kit-trust-0.18.5-2.el6.s390x.rpm	SHA-256: 2abd6ef4220cde52176b0cbbdfced4e7a044b3f1f8b095c8875707f6082d66db

Red Hat Enterprise Linux for Power, big endian 6

SRPM
p11-kit-0.18.5-2.el6.src.rpm	SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
ppc64
p11-kit-0.18.5-2.el6.ppc.rpm	SHA-256: c8b15e21513388ee4952f544a38e0090a790b7e89b71ac52832f12a053ab2076
p11-kit-0.18.5-2.el6.ppc64.rpm	SHA-256: 2228fe003f8531e23ae44c1a97733507763617f87b017684bc3b10157c27d595
p11-kit-debuginfo-0.18.5-2.el6.ppc.rpm	SHA-256: 3f1c2fc1d7a15139a0c3e6764df503cc68f7228aefceb62926d576d62c49dfb7
p11-kit-debuginfo-0.18.5-2.el6.ppc.rpm	SHA-256: 3f1c2fc1d7a15139a0c3e6764df503cc68f7228aefceb62926d576d62c49dfb7
p11-kit-debuginfo-0.18.5-2.el6.ppc64.rpm	SHA-256: 6fadb8f42e964dc76fc614bae1411dc6157f3a8779c104837830d59c753232ff
p11-kit-debuginfo-0.18.5-2.el6.ppc64.rpm	SHA-256: 6fadb8f42e964dc76fc614bae1411dc6157f3a8779c104837830d59c753232ff
p11-kit-devel-0.18.5-2.el6.ppc.rpm	SHA-256: 1a20d33fcbfcfdffe1a8bda00f28da228368487a6d74a01f70af7ccc1046894a
p11-kit-devel-0.18.5-2.el6.ppc64.rpm	SHA-256: c7dbf2fbb0e0b52b6b5460cde2d4ba577c4df80e75d407c68793aa76c924b785
p11-kit-trust-0.18.5-2.el6.ppc64.rpm	SHA-256: ded238ffac6987fda43d1478621b6f11cfa6cf3651972014d80c78e41c87f9e8

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
p11-kit-0.18.5-2.el6.src.rpm	SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
x86_64
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm	SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm	SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm	SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e

Red Hat Enterprise Linux Server from RHUI 6

SRPM
p11-kit-0.18.5-2.el6.src.rpm	SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
x86_64
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm	SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm	SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm	SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm	SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
i386
p11-kit-0.18.5-2.el6.i686.rpm	SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm	SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-devel-0.18.5-2.el6.i686.rpm	SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-trust-0.18.5-2.el6.i686.rpm	SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories