- Issued:
- 2011-12-06
- Updated:
- 2011-12-06
RHBA-2011:1739 - audit bug fix and enhancement update
Synopsis
audit bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated audit packages that fix various bugs and add several enhancements are now available for Red Hat Enterprise Linux 6.
Description
The audit packages contain the user space utilities for storing and searching the audit records which have been generated by the audit subsystem in the Linux 2.6 kernel.
The audit package has been upgraded to upstream version 2.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ#731723)
This update fixes the following bugs:
-
Previously, the audit daemon was logging messages even when configured to ignore "disk full" and "disk error" actions. With this update, audit now does nothing if it is set to ignore these actions, and no messages are logged in the described scenario. (BZ#715279)
-
Previously, the Audit remote logging client received a "disk error" event instead of "disk full" event from a server when the server's disk space ran out. This bug has been fixed and the logging client now returns the correct event in the described scenario. (BZ#715315)
-
Prior to this update, the audit system was identifying the accept4() system call as the now deprecated paccept() system call. Now, the code has been fixed and audit uses the correct identifier for the accept4() system call. (BZ#748124)
-
Previously, the "auditctl -l" command returned 0 even if it failed because of dropped capabilities. This bug has been fixed and a non-zero value is now returned if the operation is not permitted. (BZ#709345)
-
When Kerberos support was disabled, some configuration options in the audisp-remote.conf file related to Kerberos 5 generated warning messages about GSSAPI support during boot. With this update, the options are now commented out in the described scenario and the messages are no longer returned. (BZ#728475)
-
On i386 and IBM System z architectures, the "autrace -r /bin/ls" command returned error messages even though all relevant rules were added correctly. This bug has been fixed and no error messages about sending add rule data requests are now returned in the described scenario. (BZ#700005)
All audit users are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- audit-libs-static-2.1.3-3.el6.ppc64.rpm
- audit-2.1.3-3.el6.src.rpm
- audit-libs-2.1.3-3.el6.ppc.rpm
- audit-libs-static-2.1.3-3.el6.x86_64.rpm
- audit-libs-devel-2.1.3-3.el6.ppc.rpm
- audispd-plugins-2.1.3-3.el6.i686.rpm
- audit-libs-devel-2.1.3-3.el6.ppc64.rpm
- audit-libs-python-2.1.3-3.el6.ppc64.rpm
- audit-debuginfo-2.1.3-3.el6.s390.rpm
- audit-2.1.3-3.el6.ppc64.rpm
- audit-libs-2.1.3-3.el6.x86_64.rpm
- audispd-plugins-2.1.3-3.el6.x86_64.rpm
- audit-debuginfo-2.1.3-3.el6.s390x.rpm
- audit-debuginfo-2.1.3-3.el6.ppc.rpm
- audit-libs-2.1.3-3.el6.ppc64.rpm
- audit-libs-2.1.3-3.el6.s390x.rpm
- audispd-plugins-2.1.3-3.el6.s390x.rpm
- audit-libs-python-2.1.3-3.el6.s390x.rpm
- audit-libs-devel-2.1.3-3.el6.s390.rpm
- audit-libs-devel-2.1.3-3.el6.i686.rpm
- audit-libs-python-2.1.3-3.el6.x86_64.rpm
- audit-debuginfo-2.1.3-3.el6.x86_64.rpm
- audit-libs-devel-2.1.3-3.el6.s390x.rpm
- audispd-plugins-2.1.3-3.el6.ppc64.rpm
- audit-libs-static-2.1.3-3.el6.s390x.rpm
- audit-2.1.3-3.el6.i686.rpm
- audit-debuginfo-2.1.3-3.el6.ppc64.rpm
- audit-debuginfo-2.1.3-3.el6.i686.rpm
- audit-2.1.3-3.el6.s390x.rpm
- audit-libs-devel-2.1.3-3.el6.x86_64.rpm
- audit-libs-python-2.1.3-3.el6.i686.rpm
- audit-libs-2.1.3-3.el6.s390.rpm
- audit-libs-static-2.1.3-3.el6.i686.rpm
- audit-2.1.3-3.el6.x86_64.rpm
- audit-libs-2.1.3-3.el6.i686.rpm
Fixes
- This content is not included.BZ - 700005
- This content is not included.BZ - 709345
- This content is not included.BZ - 715315
- This content is not included.BZ - 728475
- This content is not included.BZ - 731723
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.