Issued:
2012-06-20
Updated:
2012-06-20

RHBA-2012:0833 - certmonger bug fix and enhancement update

Synopsis

certmonger bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated certmonger packages that fix multiple bugs and add multiple enhancements are now available for Red Hat Enterprise Linux 6.

Description

The certmonger daemon monitors certificates which have been registered with it, and as a certificate's not-valid-after date approaches, the daemon can optionally attempt to obtain a fresh certificate from a supported CA.

The certmonger packages have been upgraded to upstream version 0.56, which provides a number of bug fixes and enhancements over the previous version. (BZ#789153)

This update fixes the following bugs:

  • Prior to this update, one of the examples provided in the getting-started.txt file did not work as expected if the daemon was prevented from accessing files in user-specified locations, for example by the SELinux policy. With this update, this problem is now documented in the getting-started.txt file. (BZ#765599)

  • Prior to this update, the certmonger daemon was not configured to start by default when the package was installed. This update enables the certmonger service by default. (BZ#765600)

  • Prior to this update, the "getcert" command could under certain circumstances, display the misleading error message "invalid option" when an option that required an argument was used and the argument was not specified. This update modifies the error code so that the correct message is now sent. (BZ#796542)

In addition, this update adds the following enhancement:

  • Prior to this update, newly added certificates were not automatically visible. To see these certificates, servers had to be manually restarted. This update adds the emission of D-Bus signals over the message bus to allow applications to perform the actions they need to use a new certificate. Also, the new "-C" option was added to invoke a user-specified command. (BZ#766167)

All users of certmonger are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for Scientific Computing6x86_64
Red Hat Enterprise Linux for Power, big endian6ppc64
Red Hat Enterprise Linux for IBM z Systems6s390x
Red Hat Enterprise Linux Workstation6x86_64
Red Hat Enterprise Linux Workstation6i386
Red Hat Enterprise Linux Server6x86_64
Red Hat Enterprise Linux Server6i386
Red Hat Enterprise Linux Server from RHUI6x86_64
Red Hat Enterprise Linux Server from RHUI6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)6s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)6s390x
Red Hat Enterprise Linux Desktop6x86_64
Red Hat Enterprise Linux Desktop6i386

Updated Packages

  • certmonger-0.56-1.el6.s390x.rpm
  • certmonger-0.56-1.el6.ppc64.rpm
  • certmonger-0.56-1.el6.src.rpm
  • certmonger-0.56-1.el6.i686.rpm
  • certmonger-debuginfo-0.56-1.el6.i686.rpm
  • certmonger-debuginfo-0.56-1.el6.ppc64.rpm
  • certmonger-debuginfo-0.56-1.el6.s390x.rpm
  • certmonger-0.56-1.el6.x86_64.rpm
  • certmonger-debuginfo-0.56-1.el6.x86_64.rpm

Fixes

CVEs

(none)

References

(none)

Additional information