Skip to navigation

Bug Fix Advisory esc bug fix update

Advisory: RHBA-2009:1310-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2009-09-02
Last updated on: 2009-09-02
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated esc package that fixes various bugs is now available.

The esc package contains the "Smart Card Manager" GUI tool, which allows
the user to manage security smart cards. The primary function of the tool
is to enroll smart cards, so that they can be used for common cryptographic
operations, such as secure email and website access.

This updated package fixes the following bugs:

* If a smart card were inserted when the esc daemon was already running
then there could be odd behaviors when the ESC GUI was opened. For example,
if the smart card was blank, then the Phone Home configuration dialog would
not open. When the smart card was removed, then esc could crash. (Bug
496410)

* If a user attempted to re-enroll a formatted token when the RE_ENROLL
value was set to NO, then the ESC wrongly gave an error that the token was
suspended, not that re-enrollment wasn't allowed. This message has been
corrected. (Bug 494981)

This update also includes enhancements for smart card management:

* Certificate System previously supported re-enrollment for tokens, which
allows a formatted token to be re-formatted with new certificates. This
enhancement also allows smart cards to have renewal operations, so existing
certificates can have renewed.

* This release includes enhancements to streamline the security officer
mode for ESC. Security officer mode allows designated users to perform
in-person token enrollments, as added security. This simplifies launching
the ESC GUI in security officer mode.

Users of esc are advised to upgrade to this updated package, which
resolves these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259.

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
esc-1.1.0-9.el5.src.rpm
File outdated by:  RHBA-2013:0734
    MD5: 06ae006ee630b0da844b34d7d1ebdb40
 
IA-32:
esc-1.1.0-9.el5.i386.rpm
File outdated by:  RHBA-2013:0734
    MD5: 440a7c638687439a875a6b1b87c99bfe
 
IA-64:
esc-1.1.0-9.el5.ia64.rpm
File outdated by:  RHBA-2013:0734
    MD5: 747cca909f404683455a25caf54ab4c1
 
PPC:
esc-1.1.0-9.el5.ppc.rpm
File outdated by:  RHBA-2013:0734
    MD5: 794816b26f7688868e855394db4fd066
 
x86_64:
esc-1.1.0-9.el5.x86_64.rpm
File outdated by:  RHBA-2013:0734
    MD5: 874b82064cf7fd485935ce4f3c07e663
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
esc-1.1.0-9.el5.src.rpm
File outdated by:  RHBA-2013:0734
    MD5: 06ae006ee630b0da844b34d7d1ebdb40
 
IA-32:
esc-1.1.0-9.el5.i386.rpm
File outdated by:  RHBA-2013:0734
    MD5: 440a7c638687439a875a6b1b87c99bfe
 
x86_64:
esc-1.1.0-9.el5.x86_64.rpm
File outdated by:  RHBA-2013:0734
    MD5: 874b82064cf7fd485935ce4f3c07e663
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

235474 - Default esc.disable.password.prompt to no for secmode
236268 - ESC: get rid of the -secmode option
445274 - Make security officer enrollment work with Dogtag
493118 - Allow enrolled token to be re-enrolled with local ESC UI
494981 - CS 8.0 Alpha -- When Renrollment policy is set (RE_ENROLL) then the error message display erroneously specifies the card is suspended.
496410 - Problems launching ESC with token already plugged in



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/