
Bug Fix Advisory: hmaccalc bug fix update

Advisory: RHBA-2011:1462-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-02-20
Last updated on: 2012-02-20
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated hmaccalc package that fixes a bug is now available for Red Hat
Enterprise Linux 5.

The hmaccalc package contains tools to calculate HMAC (Hash-based Message
Authentication Code) values for files. The names and interfaces were designed to
mimic those of the sha1sum, sha256sum, sha384sum and sha512sum tools provided by
the coreutils package.

This updated hmaccalc package fixes the following bug:

* Prior to this update, hmaccalc erroneously truncated the values that it read
from a checkfile before comparing them with the computed values. Consequently,
a comparison between differently truncated sums of files passed in some cases.
This update backports a change to the hmaccalc tool: when it is told to
truncate computed values during a verification operation, it no longer
truncates the values that it reads from a checkfile before comparing them with
the computed values. As a result, hmaccalc correctly detects differences in
HMAC values (BZ#658178).

All users of hmaccalc are advised to upgrade to this updated package, which
fixes this bug.
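
The comparison logic described above, modelled as an added example in Python (this is not hmaccalc's source code). The key, the sample data and the function names are constructed for illustration, and truncation is assumed to keep the leftmost bits of the hex value.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"          # constructed sample key
DATA = b"constructed file contents\n"  # constructed sample "file"


def hmac_hex(data: bytes, key: bytes = KEY) -> str:
    """Full-length HMAC-SHA512 of data as lowercase hex."""
    return hmac.new(key, data, hashlib.sha512).hexdigest()


def truncate(hex_value: str, bits: int) -> str:
    """Keep the leftmost `bits` bits of a hex string (4 bits per digit)."""
    return hex_value[: bits // 4]


def verify_flawed(data: bytes, stored_hex: str, bits: int) -> bool:
    """Pre-fix behaviour as the advisory describes it: the checkfile value
    is truncated as well, so only its first `bits` bits are ever compared."""
    return hmac.compare_digest(truncate(hmac_hex(data), bits),
                               truncate(stored_hex.lower(), bits))


def verify_fixed(data: bytes, stored_hex: str, bits: int) -> bool:
    """Post-fix behaviour: only the computed value is truncated; the
    checkfile value is compared exactly as stored."""
    return hmac.compare_digest(truncate(hmac_hex(data), bits), stored_hex.lower())


def demo() -> dict:
    full = hmac_hex(DATA)
    cases = {
        "stored at 128 bits": truncate(full, 128),   # same truncation
        "stored at 256 bits": truncate(full, 256),   # differently truncated
        "different data": truncate(hmac_hex(b"other contents\n"), 128),
    }
    # Each result is (flawed verdict, fixed verdict) when verifying at 128 bits.
    return {name: (verify_flawed(DATA, stored, 128),
                   verify_fixed(DATA, stored, 128))
            for name, stored in cases.items()}


if __name__ == "__main__":
    for name, (flawed, fixed) in demo().items():
        print(f"{name:20} flawed={flawed!s:5} fixed={fixed}")
```

Only the second case separates the two versions: the checkfile entry was produced with a different truncation length, and the flawed comparison accepts it while the fixed one rejects it.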


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

IA-32:
hmaccalc-0.9.6-4.el5.i386.rpm     MD5: eb70fd6979e9bb989f8aa0c84c600ac5
SHA-256: 7badbe8cf505f7dd19999e45246bb226d49fb06a28427e52ee6abe743c2c615a
 
IA-64:
hmaccalc-0.9.6-4.el5.ia64.rpm     MD5: a24ee7427a30823df429fd7d5e2949ef
SHA-256: e858a0b149eb9ebb685805fe5507262f883f3c3acc2dc7f4d7c8761f85b25298
 
PPC:
hmaccalc-0.9.6-4.el5.ppc.rpm     MD5: 0f69e19a79ab8f98f71ed3af4a25ad07
SHA-256: 1273736787115a03ced61107436654530fffd03329881d085fb1efbdd4b2b890
 
s390x:
hmaccalc-0.9.6-4.el5.s390x.rpm     MD5: 5150a9282d197fe77cf95be3fe47f4ae
SHA-256: 5d29656660a658be740af02a2de44cff196c05a3d84afa96c55825ae0b569d7c
 
x86_64:
hmaccalc-0.9.6-4.el5.x86_64.rpm     MD5: 11f7b61cbc88ad0fa3be754c7fd23d0d
SHA-256: 26f1b1e7ee17ba23a0f2d5a3e402234d17411ca2a72e73188bd6e5ce5bf039c8
 
Red Hat Enterprise Linux Desktop (v. 5 client)

IA-32:
hmaccalc-0.9.6-4.el5.i386.rpm     MD5: eb70fd6979e9bb989f8aa0c84c600ac5
SHA-256: 7badbe8cf505f7dd19999e45246bb226d49fb06a28427e52ee6abe743c2c615a
 
x86_64:
hmaccalc-0.9.6-4.el5.x86_64.rpm     MD5: 11f7b61cbc88ad0fa3be754c7fd23d0d
SHA-256: 26f1b1e7ee17ba23a0f2d5a3e402234d17411ca2a72e73188bd6e5ce5bf039c8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

658178 - sha512hmac passes comparison between differently truncated sums of files



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/