Enhancement Advisory: audit enhancement and bug fix update

Advisory: RHEA-2008:0358-4
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2008-05-21
Last updated on: 2008-05-21
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: N/A

Details

Enhanced audit packages that fix a bug are now available.

The audit package contains the user space utilities for storing and
searching the audit records generated by the audit subsystem in the Linux
2.6 kernel.

These updated audit packages add the following enhancements:

* audit has been updated to the newer 1.6.5 version.

* the system-config-audit GUI configuration tool, for easy audit
administration, has been added.

* auditd now supports group permissions on audit logs.

* audit now has a new multi-threaded event dispatcher which supports plugins.

* the "node"/"machine" field can now be added to audit events.

* the RACF zos remote-logging plugin for IBM systems has been added.

* the "week-ago" keyword has been added to aureport and ausearch.

* auditctl now supports errno abbreviations as the syscall exit code
("-F exit=-EPERM").

* audit logging can now be resumed with SIGUSR2.

* a new utility, aulastlog, has been added.

* TTY audit support has been added.

In addition, these updated audit packages fix a buffer overflow in the
audit_log_user_command() function. Note that this issue was assigned a
Common Vulnerabilities and Exposures number, CVE-2008-1628, by the Mitre
CVE project. However, we are not treating this issue as a security
vulnerability, as it can only result in a controlled application
termination when overflow is detected by the FORTIFY_SOURCE protection
mechanism. Moreover, no application in Red Hat Enterprise Linux 5.1 uses
this vulnerable interface.
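
The "controlled application termination" described above can be reproduced with the following added example, which is not code from this advisory or from the audit package. MSG_BUF_SIZE, format_command(), run_checked() and run_overflow_case() are hypothetical names, and the example assumes glibc with GCC or Clang.

```c
/* Added illustration; not code from the audit package. */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MSG_BUF_SIZE 64 /* assumed buffer size, chosen for the demo */

/* Hypothetical helper: copies a caller-supplied command into a fixed stack
 * buffer. __builtin___strcpy_chk is what strcpy() becomes under
 * -D_FORTIFY_SOURCE when the destination size is known; calling it directly
 * keeps the check active at any optimisation level. */
__attribute__((noinline)) static int format_command(const char *cmd)
{
    char buf[MSG_BUF_SIZE];
    __builtin___strcpy_chk(buf, cmd, sizeof buf); /* aborts if cmd does not fit */
    return buf[0] == cmd[0] ? 0 : 1;
}

/* Runs format_command() in a child process. Returns 0 on a clean exit, the
 * signal number if the child was killed, or -1 on any other failure. */
int run_checked(const char *cmd)
{
    int status;
    fflush(NULL); /* avoid duplicated stdio output in the child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(format_command(cmd));
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Constructed oversized input: four times the buffer size. */
int run_overflow_case(void)
{
    char long_cmd[4 * MSG_BUF_SIZE];
    memset(long_cmd, 'A', sizeof long_cmd - 1);
    long_cmd[sizeof long_cmd - 1] = '\0';
    return run_checked(long_cmd);
}

int main(void)
{
    printf("short command: %d\n", run_checked("/bin/ls -l"));
    printf("oversized command: signal %d (SIGABRT is %d)\n", run_overflow_case(), SIGABRT);
    return 0;
}
```

The oversized copy is stopped by the runtime length check before any byte is written past the buffer, so the process ends with SIGABRT rather than continuing with corrupted stack memory.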

Users of audit are advised to upgrade to these updated packages, which add
these enhancements and resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
audit-libs-devel-1.6.5-9.el5.i386.rpm     00243be2b624c57e9e4a68934a20ebce
 
x86_64:
audit-libs-devel-1.6.5-9.el5.i386.rpm     00243be2b624c57e9e4a68934a20ebce
audit-libs-devel-1.6.5-9.el5.x86_64.rpm     f21e40ba0d972fdba75bac06e14cbe8c
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
audit-1.6.5-9.el5.src.rpm     1e25e8ce82b41d633c5b24bff7250667
 
IA-32:
audispd-plugins-1.6.5-9.el5.i386.rpm     4b70aab92919f21000145f0e5ca3de2a
audit-1.6.5-9.el5.i386.rpm     5c7214646e984cbf406666127ef167e0
audit-libs-1.6.5-9.el5.i386.rpm     50fb33145a7d4b5e3b39d639c62b7129
audit-libs-devel-1.6.5-9.el5.i386.rpm     00243be2b624c57e9e4a68934a20ebce
audit-libs-python-1.6.5-9.el5.i386.rpm     75f26ae04a5a9daec9781aef1ab9ac34
system-config-audit-0.4.5-8.el5.i386.rpm     0502bd1b67d50fd7adec95f3197ef226
 
IA-64:
audispd-plugins-1.6.5-9.el5.ia64.rpm     0932465e54e9e24cd00c8626f0d5989b
audit-1.6.5-9.el5.ia64.rpm     efa9573f37d527b5f3e8a7b550045357
audit-libs-1.6.5-9.el5.i386.rpm     50fb33145a7d4b5e3b39d639c62b7129
audit-libs-1.6.5-9.el5.ia64.rpm     03009cea27705e1c0d276ab12426d2ef
audit-libs-devel-1.6.5-9.el5.ia64.rpm     b60a86059802ea70a2152f8f33616d70
audit-libs-python-1.6.5-9.el5.ia64.rpm     4529bb993114df5a07477d7df5dd0387
system-config-audit-0.4.5-8.el5.ia64.rpm     3c675c1e400ac847bd5d8b9fbbf1c0b5
 
PPC:
audispd-plugins-1.6.5-9.el5.ppc.rpm     0d08f48caf8d327174842d68b7415213
audit-1.6.5-9.el5.ppc.rpm     b45ce8b7fa91da395b73ce59058d696c
audit-libs-1.6.5-9.el5.ppc.rpm     6b57d8056ae7301a98b935f8a0350e1a
audit-libs-1.6.5-9.el5.ppc64.rpm     b7fc3a961c4818cf0f61116d1143f456
audit-libs-devel-1.6.5-9.el5.ppc.rpm     2d9c4c7665f60570142d8742175107dc
audit-libs-devel-1.6.5-9.el5.ppc64.rpm     86ab1ce557b6fc3dae01bc37e7096fb0
audit-libs-python-1.6.5-9.el5.ppc.rpm     5168ae3564a52febf596c9a1d6eaf8ee
system-config-audit-0.4.5-8.el5.ppc.rpm     76a4911627963f4ffbef35b9d8796c1e
 
s390x:
audispd-plugins-1.6.5-9.el5.s390x.rpm     8ea33734b7e18b75b08b9c968fa17b60
audit-1.6.5-9.el5.s390x.rpm     e02f89d66b81ab1e1a7c41076ef8ae2b
audit-libs-1.6.5-9.el5.s390.rpm     81578717d358c3c87154f70fb2b2f2ae
audit-libs-1.6.5-9.el5.s390x.rpm     fb32223760f7b81ad107a1753e72eeb9
audit-libs-devel-1.6.5-9.el5.s390.rpm     9b2f8ff2d3bf91b4014ffdc7e79d5078
audit-libs-devel-1.6.5-9.el5.s390x.rpm     c536a527695d89b308229c9b7fb2a500
audit-libs-python-1.6.5-9.el5.s390x.rpm     a60b9822e8dfd68c7d90c55597acf80c
system-config-audit-0.4.5-8.el5.s390x.rpm     5485e63efb6a2bf7ac7ee9cae5a5bace
 
x86_64:
audispd-plugins-1.6.5-9.el5.x86_64.rpm     c2aedcd6b67c6156990c9a2a7c013212
audit-1.6.5-9.el5.x86_64.rpm     0156708417e7398ef2d446fdb11272a0
audit-libs-1.6.5-9.el5.i386.rpm     50fb33145a7d4b5e3b39d639c62b7129
audit-libs-1.6.5-9.el5.x86_64.rpm     b082453cf9167546005bee3d486bf5e6
audit-libs-devel-1.6.5-9.el5.i386.rpm     00243be2b624c57e9e4a68934a20ebce
audit-libs-devel-1.6.5-9.el5.x86_64.rpm     f21e40ba0d972fdba75bac06e14cbe8c
audit-libs-python-1.6.5-9.el5.x86_64.rpm     aeb50b661442d9d2cdf24d4b6c4bba4a
system-config-audit-0.4.5-8.el5.x86_64.rpm     3913b0ed52d6d6d08c433092d4677c8e
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
audit-1.6.5-9.el5.src.rpm     1e25e8ce82b41d633c5b24bff7250667
 
IA-32:
audispd-plugins-1.6.5-9.el5.i386.rpm     4b70aab92919f21000145f0e5ca3de2a
audit-1.6.5-9.el5.i386.rpm     5c7214646e984cbf406666127ef167e0
audit-libs-1.6.5-9.el5.i386.rpm     50fb33145a7d4b5e3b39d639c62b7129
audit-libs-python-1.6.5-9.el5.i386.rpm     75f26ae04a5a9daec9781aef1ab9ac34
system-config-audit-0.4.5-8.el5.i386.rpm     0502bd1b67d50fd7adec95f3197ef226
 
x86_64:
audispd-plugins-1.6.5-9.el5.x86_64.rpm     c2aedcd6b67c6156990c9a2a7c013212
audit-1.6.5-9.el5.x86_64.rpm     0156708417e7398ef2d446fdb11272a0
audit-libs-1.6.5-9.el5.i386.rpm     50fb33145a7d4b5e3b39d639c62b7129
audit-libs-1.6.5-9.el5.x86_64.rpm     b082453cf9167546005bee3d486bf5e6
audit-libs-python-1.6.5-9.el5.x86_64.rpm     aeb50b661442d9d2cdf24d4b6c4bba4a
system-config-audit-0.4.5-8.el5.x86_64.rpm     3913b0ed52d6d6d08c433092d4677c8e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

244349 - TTY audit support
435329 - [RHEL5.2] audit tests cause oom-kills
435947 - system-config-audit does not run
438844 - buffer overflow in audit_log_user_command
442556 - audit rules with >= get corrupted



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/