- Issued:
- 2012-06-20
- Updated:
- 2012-06-20
RHBA-2012:0920 - Bug Fix Advisory
Synopsis
jss bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated jss packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.
Description
JSS (Java Security Services) is a Java binding to Network Security Services
(NSS), which provides SSL/TLS network protocols and other security services in
the Public Key Infrastructure (PKI) suite. JSS is primarily utilized by the
Certificate Server.
This update fixes the following bugs:
- During key archival process, DRM (Data Recovery Manager) decrypted user's
private keys and then re-encrypted the keys for storage purposes. The reverse
process took place during key recovery; therefore, the private key was not
processed in a token at all times as the decrypted private key was present in
the DRM memory between the time of decryption and encryption. This update adds
the secure PKCS #12 and PKCS #5 v2.0 support, support for wrapping and
unwrapping private keys in their token, and secure private key handling for TMS
(Token Management System) key recovery to Red Hat Certificate System 8.1. As a
result, the key archival operations now happen in the token. (BZ#767768)
- The "kra.storageUnit.hardware" configuration parameter did not exist in DRM's
CS.cfg after upgrade. Consequently, if parameter "kra.storageUnit.hardware" was
defined, recovery operations failed and the server returned the following error
message:
PKCS #12 Creation Failed java.lang.IllegalArgumentException: bagType or
bagContent is null
This update modifies the jss, pki-kra, pki-common components so that the
"kra.storageUnit.hardware" configuration parameter is processed correctly. As a
result, the key archival and recovery process is successful on in-place upgraded
and migrated instances. (BZ#767771)
- Previously, JSS was using the HSM (Hardware Security Module) token name as
manufacturer ID. If the HSM token name differed from the manufacturer ID, the
key archival and recovery failed. This update adds logic to JSS so that it can
recognize the currently supported HSMs: nCipher and SafeNet. Key archival and
recovery in TMS and non-TMS Common Criteria environments now work as expected.
(BZ#767773)
All users of jss are advised to upgrade to these updated packages, which fix
these bugs.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6 x86_64
Fixes
(none)CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
x86_64 | |
jss-4.2.6-22.el6.x86_64.rpm | SHA-256: 073d56d7d30452abf65a6a8df8ce2126ee06aac338f9d67ebf856216d183190f |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-javadoc-4.2.6-22.el6.x86_64.rpm | SHA-256: 1ba2c6f77415a933e58ede62fcc72797a5814f6646616241119592db58f8d4f8 |
i386 | |
jss-4.2.6-22.el6.i686.rpm | SHA-256: 8d1a2a0d9798610ca01b742a9189da4a6fab01bcbdd685fdcdc9ffd31a359d33 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-javadoc-4.2.6-22.el6.i686.rpm | SHA-256: 607622e645d3fcd65c36cbbbdc210dc50bf65fc3c6e6fccebee5cdd5abb05eb1 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
x86_64 | |
jss-4.2.6-22.el6.x86_64.rpm | SHA-256: 073d56d7d30452abf65a6a8df8ce2126ee06aac338f9d67ebf856216d183190f |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-javadoc-4.2.6-22.el6.x86_64.rpm | SHA-256: 1ba2c6f77415a933e58ede62fcc72797a5814f6646616241119592db58f8d4f8 |
i386 | |
jss-4.2.6-22.el6.i686.rpm | SHA-256: 8d1a2a0d9798610ca01b742a9189da4a6fab01bcbdd685fdcdc9ffd31a359d33 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-javadoc-4.2.6-22.el6.i686.rpm | SHA-256: 607622e645d3fcd65c36cbbbdc210dc50bf65fc3c6e6fccebee5cdd5abb05eb1 |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
x86_64 | |
jss-4.2.6-22.el6.x86_64.rpm | SHA-256: 073d56d7d30452abf65a6a8df8ce2126ee06aac338f9d67ebf856216d183190f |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-javadoc-4.2.6-22.el6.x86_64.rpm | SHA-256: 1ba2c6f77415a933e58ede62fcc72797a5814f6646616241119592db58f8d4f8 |
i386 | |
jss-4.2.6-22.el6.i686.rpm | SHA-256: 8d1a2a0d9798610ca01b742a9189da4a6fab01bcbdd685fdcdc9ffd31a359d33 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-javadoc-4.2.6-22.el6.i686.rpm | SHA-256: 607622e645d3fcd65c36cbbbdc210dc50bf65fc3c6e6fccebee5cdd5abb05eb1 |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
x86_64 | |
jss-4.2.6-22.el6.x86_64.rpm | SHA-256: 073d56d7d30452abf65a6a8df8ce2126ee06aac338f9d67ebf856216d183190f |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-javadoc-4.2.6-22.el6.x86_64.rpm | SHA-256: 1ba2c6f77415a933e58ede62fcc72797a5814f6646616241119592db58f8d4f8 |
i386 | |
jss-4.2.6-22.el6.i686.rpm | SHA-256: 8d1a2a0d9798610ca01b742a9189da4a6fab01bcbdd685fdcdc9ffd31a359d33 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-javadoc-4.2.6-22.el6.i686.rpm | SHA-256: 607622e645d3fcd65c36cbbbdc210dc50bf65fc3c6e6fccebee5cdd5abb05eb1 |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
s390x | |
jss-4.2.6-22.el6.s390x.rpm | SHA-256: ac09128b1c7b65800f49855ef8770c4295c5761506daa5d9155471d0fc95ad86 |
jss-debuginfo-4.2.6-22.el6.s390x.rpm | SHA-256: 33c59bbe044696a15c18d4ad00ee068a0321b27bd6dbf8ed6d2dfba3240907e2 |
jss-debuginfo-4.2.6-22.el6.s390x.rpm | SHA-256: 33c59bbe044696a15c18d4ad00ee068a0321b27bd6dbf8ed6d2dfba3240907e2 |
jss-javadoc-4.2.6-22.el6.s390x.rpm | SHA-256: d86cf675424fb6142c2f136e0289346562d434c884a782a6de27983209908fb8 |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
ppc64 | |
jss-4.2.6-22.el6.ppc64.rpm | SHA-256: a0da097911edb81c9f929d79f24a5166b1e875e718a02cf16ecad0f30b67a1b7 |
jss-debuginfo-4.2.6-22.el6.ppc64.rpm | SHA-256: e47e68cf635e441885b3c9e7d6a3061e566ffb2cd5a87cc4580b1a035ef49b67 |
jss-debuginfo-4.2.6-22.el6.ppc64.rpm | SHA-256: e47e68cf635e441885b3c9e7d6a3061e566ffb2cd5a87cc4580b1a035ef49b67 |
jss-javadoc-4.2.6-22.el6.ppc64.rpm | SHA-256: 79fa0a937375974b02f222cbff85ae7b42a9525a8b7be75c1d265e22120aa83b |
Red Hat Enterprise Linux for Scientific Computing 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
x86_64 | |
jss-4.2.6-22.el6.x86_64.rpm | SHA-256: 073d56d7d30452abf65a6a8df8ce2126ee06aac338f9d67ebf856216d183190f |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-javadoc-4.2.6-22.el6.x86_64.rpm | SHA-256: 1ba2c6f77415a933e58ede62fcc72797a5814f6646616241119592db58f8d4f8 |
Red Hat Enterprise Linux Server from RHUI 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
x86_64 | |
jss-4.2.6-22.el6.x86_64.rpm | SHA-256: 073d56d7d30452abf65a6a8df8ce2126ee06aac338f9d67ebf856216d183190f |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-javadoc-4.2.6-22.el6.x86_64.rpm | SHA-256: 1ba2c6f77415a933e58ede62fcc72797a5814f6646616241119592db58f8d4f8 |
i386 | |
jss-4.2.6-22.el6.i686.rpm | SHA-256: 8d1a2a0d9798610ca01b742a9189da4a6fab01bcbdd685fdcdc9ffd31a359d33 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-debuginfo-4.2.6-22.el6.i686.rpm | SHA-256: a8fda3989f693191223a96c0577bf9a783d1088f8b19b09f8e229b141b434036 |
jss-javadoc-4.2.6-22.el6.i686.rpm | SHA-256: 607622e645d3fcd65c36cbbbdc210dc50bf65fc3c6e6fccebee5cdd5abb05eb1 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
s390x | |
jss-4.2.6-22.el6.s390x.rpm | SHA-256: ac09128b1c7b65800f49855ef8770c4295c5761506daa5d9155471d0fc95ad86 |
jss-debuginfo-4.2.6-22.el6.s390x.rpm | SHA-256: 33c59bbe044696a15c18d4ad00ee068a0321b27bd6dbf8ed6d2dfba3240907e2 |
jss-debuginfo-4.2.6-22.el6.s390x.rpm | SHA-256: 33c59bbe044696a15c18d4ad00ee068a0321b27bd6dbf8ed6d2dfba3240907e2 |
jss-javadoc-4.2.6-22.el6.s390x.rpm | SHA-256: d86cf675424fb6142c2f136e0289346562d434c884a782a6de27983209908fb8 |
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6
SRPM | |
---|---|
jss-4.2.6-22.el6.src.rpm | SHA-256: edfaac04c53203d89d4e1e87fd940374d4bc6f4ec9eae5be4f4280f3dd3ce552 |
x86_64 | |
jss-4.2.6-22.el6.x86_64.rpm | SHA-256: 073d56d7d30452abf65a6a8df8ce2126ee06aac338f9d67ebf856216d183190f |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-debuginfo-4.2.6-22.el6.x86_64.rpm | SHA-256: 77051892e32818af4cba8df0982ccf2c713270f7abbbd98f3cc0e19ac02d491a |
jss-javadoc-4.2.6-22.el6.x86_64.rpm | SHA-256: 1ba2c6f77415a933e58ede62fcc72797a5814f6646616241119592db58f8d4f8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.