- Issued:
- 2011-05-19
- Updated:
- 2011-05-19
RHBA-2011:0676 - libica bug fix update
Synopsis
libica bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated libica packages that fix various bugs are now available.
Description
A library of functions and utilities for accessing ICA hardware crypto on IBM zSeries.
This updated libica packages fix the following bugs:
-
Previously, when the libica library ran in 31-bit mode, the STCK buffer length was smaller than required, which caused corrupted memory and application crashes. This is now fixed to ensure that the libica library allocates an appropriately sized STCK buffer in 31-bit mode to prevent corrupted memory and application crashes. (BZ#640035)
-
Previously, a SIGILL handler wrapped all cryptographic operations and caught crashes caused by invalid CPU instructions. This SIGILL handler prevented crashes but caused significant performance regression in the system. This is now fixed so that the CPU correctly reports the availability of individual cryptographics algorithms, therefore the SIGILL wrappers are removed. (BZ#665401)
-
The libica testsuite failed for libica_keygen_test and libica_sha1_test. The test failed for libica_sha1_test because "return to zero" was missing for the old_api_sha_test() function. The libica_keygen_test test failed because the openSSL powered RSA exponent only handles the values 3 or 65537 and libica_keygen_test provided a default random value. This is now fixed so that libica_sha1_test's old_api_sha_test includes "return to zero" and libica_keygen_test runs with parameters, "libica_keygen_test
<3|65537>". Due to this, the libica testsuite no longer fails for libica_keygen_test and libica_sha1_test. (BZ#624005)
Users are advised to upgrade to these updated packages, which resolves these issues.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
Updated Packages
- libica-2.0.3-4.el6.s390.rpm
- libica-devel-2.0.3-4.el6.s390.rpm
- libica-2.0.3-4.el6.src.rpm
- libica-debuginfo-2.0.3-4.el6.s390.rpm
- libica-devel-2.0.3-4.el6.s390x.rpm
- libica-2.0.3-4.el6.s390x.rpm
- libica-debuginfo-2.0.3-4.el6.s390x.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.