hmaccalc bug fix update
| Advisory: | RHBA-2011:1462-1 |
|---|---|
| Type: | Bug Fix Advisory |
| Severity: | N/A |
| Issued on: | 2012-02-20 |
| Last updated on: | 2012-02-20 |
| Affected Products: | Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) |
Details
An updated hmaccalc package that fixes a bug is now available for Red Hat
Enterprise Linux 5.
The hmaccalc package contains tools to calculate HMAC (Hash-based Message
Authentication Code) values for files. The names and interfaces were designed to
mimic those of the sha1sum, sha256sum, sha384sum and sha512sum tools provided by
the coreutils package.
This updated hmaccalc package fixes the following bug:
* Prior to this update, hmaccalc erroneously truncated the values which it read
from a checkfile before comparing them with the computed values. Consequently,
comparison between differently truncated sums of files passed in some cases.
This update backports a change which modifies the hmaccalc tool so that when it
is used to verify checksums, if it is told to truncate computed values during a
verification operation, it will not truncate the values which it reads from a
checkfile before comparing them with the computed values. As a result hmaccalc
correctly detects differences in hmac values. (BZ#658178).
All users of hmaccalc are advised to upgrade to this updated package, which
fixes this bug.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Updated packages
| Red Hat Enterprise Linux (v. 5 server) | |
| IA-32: | |
| hmaccalc-0.9.6-4.el5.i386.rpm | MD5: eb70fd6979e9bb989f8aa0c84c600ac5 SHA-256: 7badbe8cf505f7dd19999e45246bb226d49fb06a28427e52ee6abe743c2c615a |
| IA-64: | |
| hmaccalc-0.9.6-4.el5.ia64.rpm | MD5: a24ee7427a30823df429fd7d5e2949ef SHA-256: e858a0b149eb9ebb685805fe5507262f883f3c3acc2dc7f4d7c8761f85b25298 |
| PPC: | |
| hmaccalc-0.9.6-4.el5.ppc.rpm | MD5: 0f69e19a79ab8f98f71ed3af4a25ad07 SHA-256: 1273736787115a03ced61107436654530fffd03329881d085fb1efbdd4b2b890 |
| s390x: | |
| hmaccalc-0.9.6-4.el5.s390x.rpm | MD5: 5150a9282d197fe77cf95be3fe47f4ae SHA-256: 5d29656660a658be740af02a2de44cff196c05a3d84afa96c55825ae0b569d7c |
| x86_64: | |
| hmaccalc-0.9.6-4.el5.x86_64.rpm | MD5: 11f7b61cbc88ad0fa3be754c7fd23d0d SHA-256: 26f1b1e7ee17ba23a0f2d5a3e402234d17411ca2a72e73188bd6e5ce5bf039c8 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| IA-32: | |
| hmaccalc-0.9.6-4.el5.i386.rpm | MD5: eb70fd6979e9bb989f8aa0c84c600ac5 SHA-256: 7badbe8cf505f7dd19999e45246bb226d49fb06a28427e52ee6abe743c2c615a |
| x86_64: | |
| hmaccalc-0.9.6-4.el5.x86_64.rpm | MD5: 11f7b61cbc88ad0fa3be754c7fd23d0d SHA-256: 26f1b1e7ee17ba23a0f2d5a3e402234d17411ca2a72e73188bd6e5ce5bf039c8 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
658178 - sha512hmac passes comparison between differently truncated sums of files
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
