Issued:

2012-06-20

Updated:

2012-06-20

RHBA-2012:0761 - pki-core bug fix update

Synopsis

pki-core bug fix update

Type/Severity

Bug Fix Advisory

Topic

Updated pki-core packages that fix several bugs are now available for Red Hat Enterprise Linux 6.

Description

Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.

Note: The Certificate Authority component provided by this advisory cannot be used as a standalone server. It is installed and operates as a part of the Red Hat Enterprise Identity (IPA).

These updated pki-core packages provide fixes for the following bugs:

• A Firefox launcher setting which opened a non-functional Certificate Authority (CA) page was improperly created and applied to all user profiles. With this update, all PKI-related desktop icons have been removed and the problem no longer occurs. (BZ#745677)

• The pkisilent script did not accept special shell characters, such as spaces or quotation marks, in argument values even if they were properly escaped. Consequently, errors occurred and the script failed. This update improves the code and the problem no longer occurs. (BZ#769388)

• When installing IPA, the installer uses the "sslget" utility to communicate with the CA. Due to a change in Network Security Services (NSS), the server sent out a full response to the sslget client consisting of 9906 bytes but the client received only 5 bytes of the encrypted stream. With this update the problem is fixed and sslget now prints the returned XML form from the PKI CA as expected. (BZ#771790)

• Tomcat has changed the way the server startup is logged. In previous versions, server startup and operation was written to the catalina.out file by the root and tomcat users. Now, the root and tomcat users write to different logs. After the change, the Certificate System (CS) tomcat subsystems failed to start due to incorrect permissions. The CS startup code has been modified to reflect this new logging and now works as expected. (BZ#806046)

All users of pki-core are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Affected Products

Updated Packages

• pki-silent-9.0.3-24.el6.noarch.rpm
• pki-symkey-9.0.3-24.el6.x86_64.rpm
• pki-core-9.0.3-24.el6.src.rpm
• pki-symkey-9.0.3-24.el6.i686.rpm
• pki-core-debuginfo-9.0.3-24.el6.i686.rpm
• pki-java-tools-javadoc-9.0.3-24.el6.noarch.rpm
• pki-selinux-9.0.3-24.el6.noarch.rpm
• pki-common-javadoc-9.0.3-24.el6.noarch.rpm
• pki-common-9.0.3-24.el6.noarch.rpm
• pki-util-javadoc-9.0.3-24.el6.noarch.rpm
• pki-java-tools-9.0.3-24.el6.noarch.rpm
• pki-util-9.0.3-24.el6.noarch.rpm
• pki-native-tools-9.0.3-24.el6.i686.rpm
• pki-native-tools-9.0.3-24.el6.x86_64.rpm
• pki-ca-9.0.3-24.el6.noarch.rpm
• pki-setup-9.0.3-24.el6.noarch.rpm
• pki-core-debuginfo-9.0.3-24.el6.x86_64.rpm

Fixes

• This content is not included.BZ - 745677
• This content is not included.BZ - 769388

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.