- Issued:
- 2009-09-14
- Updated:
- 2009-09-14
RHBA-2009:1443 - Bug Fix Advisory
Synopsis
pki-ca, pki-ca-ui, pki-kra-ui, pki-common, jss bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated pki-ca, pki-common, pki-ca-ui, pki-kra-ui, and jss packages fixing
several bugs and enabling ECC POP on the CA server are now available for
Red Hat Certificate System 8.0.
Description
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise public key infrastructure (PKI) deployments.
These updated packages deliver support for ECC POP on the CA server and
enable ECC enrollment through Firefox versions 2 and 3 using key
constraints. These packages also extend the CA and OCSP servers to provide
support for all ECC algorithms that JSS (NSS) supports.
In addition, these packages fix the following bugs:
- The help button on the 'List Requests' page in the DRM agent services
interface was broken. (BZ#512831)
- The 'Starting request identifier' field in the search form in the DRM
agent services interface did not work. No requests were returned in the
search results. (BZ#512828)
- The default CS.cfg configuration file for the CA was missing a section
that is needed to add the Authority Information Access extension
information to CRLs. (BZ#513450)
- The list and view pages in the CA agent and end-entities services
interfaces incorrectly mapped revocation reasons to values higher than 8,
which is the highest allowed by RFC 5280. (BZ#514093)
- The Online Certificate Status Manager would accept a delta CRL in its
'Add Certificate Revocation List' form in the agent services interface,
when it should only accept full CRLs. (BZ#514270)
- During configuration, the configuration wizard incorrectly prompted the
user to save or open for a ca.p7c binary file while importing the CA agent
certificate into the browser. (BZ#518431)
Users of Red Hat Certificate System should upgrade to these updated
packages, which resolve these issues.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
yum update [filenames]
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Certificate System 8 x86_64
- Red Hat Certificate System 8 i386
Fixes
- BZ - 465507 - Enhancement: Support SHA2 + EC signature algorithms
- BZ - 518431 - ca.p7c bin file is prompted while importing CA Agent certificate in browser
CVEs
(none)
References
(none)
Red Hat Certificate System 8
SRPM | |
---|---|
jss-4.2.6-5.el5idm.src.rpm | SHA-256: d2e11271a34d1a0fb5969761b15e5e67bdb05f5fab680cf64f6fa418b4233a88 |
pki-ca-8.0.1-2.el5pki.src.rpm | SHA-256: 6e1834f3a2503d7b0ebd1657cc14c9f60bb3402685caf3a60e1b936c7ada4bd8 |
pki-common-8.0.1-3.el5pki.src.rpm | SHA-256: 40fc4b308df24f278b4a90b9893fc2943de4bd5d3e5503395a6ffb8b2f63bca2 |
pki-ocsp-8.0.1-1.el5pki.src.rpm | SHA-256: 9f1507e702f640d9426aa7658bc8e868ac51973fb6cdaeb9636f1504ddafd164 |
pki-util-8.0.1-2.el5pki.src.rpm | SHA-256: 328427d8416ef5008b8f9e5b2420d5ab4e84e01a698d2d50fb231d5c915d8da0 |
redhat-pki-ca-ui-8.0.1-1.el5pki.src.rpm | SHA-256: 366184a7b6b13d49fcb9f97c7026942c1f52b5a884b4f2662d3dff1100755a6c |
redhat-pki-kra-ui-8.0.1-1.el5pki.src.rpm | SHA-256: 643f72b9111c2bd9e7950632fc29563a2fd6bcd99fd5bfa383aced97d97a74ce |
x86_64 | |
jss-4.2.6-5.el5idm.x86_64.rpm | SHA-256: 815243cfbf853bbb24501a66f02f0e61b830ec6e1e1a3977f2ef819d4a709ffe |
jss-javadoc-4.2.6-5.el5idm.x86_64.rpm | SHA-256: 8ea2cade7fa621810460b102f0a8f5a910311f6a3b437bf08bff44489d362a89 |
pki-ca-8.0.1-2.el5pki.noarch.rpm | SHA-256: 80a5521482d5bb947d7c9eaad41879935dd017d8c855b31bbc519a34353ef609 |
pki-common-8.0.1-3.el5pki.noarch.rpm | SHA-256: 4a555fa36fded67959d7f67c102653150dd46abd7ab3f7bce7673a50ae053c49 |
pki-common-javadoc-8.0.1-3.el5pki.noarch.rpm | SHA-256: 0b39f733c3af6263ba43ad86adf81350382a2750b240ae218af69176960bc111 |
pki-ocsp-8.0.1-1.el5pki.noarch.rpm | SHA-256: 4883c3d195a3276ac36dfba95723404172ac91a88ff40552ca379ce696779e05 |
pki-util-8.0.1-2.el5pki.noarch.rpm | SHA-256: 3cfed7589f601f91c968205889296ab6c30440da28f9ceb99b7112cda0269b24 |
pki-util-javadoc-8.0.1-2.el5pki.noarch.rpm | SHA-256: 82be761e61d121175c68b6d5d16becb5ad685218418827153036573c215b769a |
redhat-pki-ca-ui-8.0.1-1.el5pki.noarch.rpm | SHA-256: b760d9c83bf86afb3f8d2139b521e0a62c9ce24a337afa8cf677e1f9835c61cc |
redhat-pki-kra-ui-8.0.1-1.el5pki.noarch.rpm | SHA-256: a747b60708a7cbb59126bc19f2aba49458550b75b27c9cd996ae675e5fed976d |
i386 | |
jss-4.2.6-5.el5idm.i386.rpm | SHA-256: 8fb93e71961137914f9f1c307a7b9867fee2deb8982b70ffaa441727ebe517be |
jss-javadoc-4.2.6-5.el5idm.i386.rpm | SHA-256: 01995d205cdee3aa23e6add4d117eaeba80c78b8968638d2b3104228e91508cd |
pki-ca-8.0.1-2.el5pki.noarch.rpm | SHA-256: 80a5521482d5bb947d7c9eaad41879935dd017d8c855b31bbc519a34353ef609 |
pki-common-8.0.1-3.el5pki.noarch.rpm | SHA-256: 4a555fa36fded67959d7f67c102653150dd46abd7ab3f7bce7673a50ae053c49 |
pki-common-javadoc-8.0.1-3.el5pki.noarch.rpm | SHA-256: 0b39f733c3af6263ba43ad86adf81350382a2750b240ae218af69176960bc111 |
pki-ocsp-8.0.1-1.el5pki.noarch.rpm | SHA-256: 4883c3d195a3276ac36dfba95723404172ac91a88ff40552ca379ce696779e05 |
pki-util-8.0.1-2.el5pki.noarch.rpm | SHA-256: 3cfed7589f601f91c968205889296ab6c30440da28f9ceb99b7112cda0269b24 |
pki-util-javadoc-8.0.1-2.el5pki.noarch.rpm | SHA-256: 82be761e61d121175c68b6d5d16becb5ad685218418827153036573c215b769a |
redhat-pki-ca-ui-8.0.1-1.el5pki.noarch.rpm | SHA-256: b760d9c83bf86afb3f8d2139b521e0a62c9ce24a337afa8cf677e1f9835c61cc |
redhat-pki-kra-ui-8.0.1-1.el5pki.noarch.rpm | SHA-256: a747b60708a7cbb59126bc19f2aba49458550b75b27c9cd996ae675e5fed976d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.