Skip to navigation

Enhancement Advisory keyutils bug fix and enhancement update

Advisory: RHEA-2011:1684-2
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2011-12-06
Last updated on: 2011-12-06
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated keyutils packages that fix one bug and add one enhancement are now
available for Red Hat Enterprise Linux 6.

The keyutils package provides utilities to control the Linux kernel key
management facility and to provide a mechanism by which the kernel calls up to
user space to get a key instantiated.

This update fixes the following bug:

* The keyutils subpackage did not contain a dependency on the keyutils-libs
subpackage but rather it contained only an implicit dependency on the
libkeyutils.so.[n] shared object files specified as the SONAME variable. As a
consequence, the keyutils subpackage could have been updated without applying
the newest keyutils libraries, which could have caused keyutils to work
incorrectly. To fix this issue, the keyutils spec file has been modified to
include an explicit dependency on the version of keyutils-libs that matches the
keyutils subpackage. Both subpackages are now updated together. (BZ#730002)

This update also provides the following enhancement:

* Previously, the keyutils subpackages were compiled without the RELRO
(read-only relocations) flag. Programs provided by this package and also
programs built against the keyutils libraries were thus vulnerable to various
attacks based on overwriting the ELF section of a program. To increase the
security of keyutils programs and libraries, the keyutils spec file has been
modified to use the "-Wl,-z,relro" flags when compiling the packages. As a
result, the keyutils subpackages are now provided with partial RELRO protection.
(BZ#727280)

Users are advised to upgrade to these updated keyutils packages, which fix this
bug and add this enhancement.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
keyutils-1.4-3.el6.src.rpm
File outdated by:  RHEA-2012:0963
    MD5: b6acb6ef634b566ed6e9eacd772c6fa6
SHA-256: 9d9b9242001223cf40d599e4e527825799dfcbfe4e6b9054548c07c574f7bc80
 
IA-32:
keyutils-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: b3bf701fc750d3e5a1797d2c5e5e9845
SHA-256: 09c123260fee13e6362a702eb70f7953cf877587d2e8e524c4fa08c818d6a23b
keyutils-debuginfo-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 5868dacdf815394c0a94b959419a9a8c
SHA-256: 8a36222949ab921142d99f420f5e457563459d7c623f933738f2735b99db1ee6
keyutils-libs-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 82abf5e21b08b69eba32ed3da09769d4
SHA-256: e47993d629398cd08b354556f7e54bb294529e919ff64b276822d3579985fa54
keyutils-libs-devel-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: c1facbd4b1ce9faa55bec2276155bff3
SHA-256: 06d759fad1b24548727432b1036f0afca68449630dd66776493ce394e8e9d168
 
x86_64:
keyutils-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7b4958486a0def1ede3322f09441a8c9
SHA-256: 73a24008dd142c6c83d8838c6e6885dcf2713356656f886bb304768b4526239a
keyutils-debuginfo-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 5868dacdf815394c0a94b959419a9a8c
SHA-256: 8a36222949ab921142d99f420f5e457563459d7c623f933738f2735b99db1ee6
keyutils-debuginfo-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7e5b1bf25ad00eaa7e21e0342e7aae0e
SHA-256: 1a69d76af9b3c9c2b7c22332d943b08e2e22589d6a7886ff88b03f3e06fadcc0
keyutils-libs-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 82abf5e21b08b69eba32ed3da09769d4
SHA-256: e47993d629398cd08b354556f7e54bb294529e919ff64b276822d3579985fa54
keyutils-libs-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 6cde382d0e353463635747469875ef2b
SHA-256: 0a0ee99dc650e19a11442d48c2251922a3c34c448777d6371f443ac8b89946fe
keyutils-libs-devel-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: c1facbd4b1ce9faa55bec2276155bff3
SHA-256: 06d759fad1b24548727432b1036f0afca68449630dd66776493ce394e8e9d168
keyutils-libs-devel-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 676cb782dfbc77997da02afce37c6f35
SHA-256: 30c7a9ebc526c1060cfa1d8ae835aaef667365539bca4c08cd6b824cf1e07d5d
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
keyutils-1.4-3.el6.src.rpm
File outdated by:  RHEA-2012:0963
    MD5: b6acb6ef634b566ed6e9eacd772c6fa6
SHA-256: 9d9b9242001223cf40d599e4e527825799dfcbfe4e6b9054548c07c574f7bc80
 
x86_64:
keyutils-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7b4958486a0def1ede3322f09441a8c9
SHA-256: 73a24008dd142c6c83d8838c6e6885dcf2713356656f886bb304768b4526239a
keyutils-debuginfo-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 5868dacdf815394c0a94b959419a9a8c
SHA-256: 8a36222949ab921142d99f420f5e457563459d7c623f933738f2735b99db1ee6
keyutils-debuginfo-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7e5b1bf25ad00eaa7e21e0342e7aae0e
SHA-256: 1a69d76af9b3c9c2b7c22332d943b08e2e22589d6a7886ff88b03f3e06fadcc0
keyutils-libs-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 82abf5e21b08b69eba32ed3da09769d4
SHA-256: e47993d629398cd08b354556f7e54bb294529e919ff64b276822d3579985fa54
keyutils-libs-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 6cde382d0e353463635747469875ef2b
SHA-256: 0a0ee99dc650e19a11442d48c2251922a3c34c448777d6371f443ac8b89946fe
keyutils-libs-devel-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: c1facbd4b1ce9faa55bec2276155bff3
SHA-256: 06d759fad1b24548727432b1036f0afca68449630dd66776493ce394e8e9d168
keyutils-libs-devel-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 676cb782dfbc77997da02afce37c6f35
SHA-256: 30c7a9ebc526c1060cfa1d8ae835aaef667365539bca4c08cd6b824cf1e07d5d
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
keyutils-1.4-3.el6.src.rpm
File outdated by:  RHEA-2012:0963
    MD5: b6acb6ef634b566ed6e9eacd772c6fa6
SHA-256: 9d9b9242001223cf40d599e4e527825799dfcbfe4e6b9054548c07c574f7bc80
 
IA-32:
keyutils-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: b3bf701fc750d3e5a1797d2c5e5e9845
SHA-256: 09c123260fee13e6362a702eb70f7953cf877587d2e8e524c4fa08c818d6a23b
keyutils-debuginfo-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 5868dacdf815394c0a94b959419a9a8c
SHA-256: 8a36222949ab921142d99f420f5e457563459d7c623f933738f2735b99db1ee6
keyutils-libs-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 82abf5e21b08b69eba32ed3da09769d4
SHA-256: e47993d629398cd08b354556f7e54bb294529e919ff64b276822d3579985fa54
keyutils-libs-devel-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: c1facbd4b1ce9faa55bec2276155bff3
SHA-256: 06d759fad1b24548727432b1036f0afca68449630dd66776493ce394e8e9d168
 
PPC:
keyutils-1.4-3.el6.ppc64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 8d27e7705443c4cff9394c575934f3c1
SHA-256: 8de24ce7d2f7034a2cea7c0d1bdb568fc8ac1f91c9bd15b3a1d2d45d9f85f1c3
keyutils-debuginfo-1.4-3.el6.ppc.rpm
File outdated by:  RHEA-2012:0963
    MD5: 2d3fc9146cbb0df81dad5d6b4d92a891
SHA-256: d02169843d77e4cb77f960e1591e3543fcb6de0e712bdd68acb3b61d7a30ce60
keyutils-debuginfo-1.4-3.el6.ppc64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 50f54976b54ad18dd8387d28d29d67ff
SHA-256: d3b38d30f72a1d61f99aacc6f160f898d763cc69e60d59ba1dac47e864e5215a
keyutils-libs-1.4-3.el6.ppc.rpm
File outdated by:  RHEA-2012:0963
    MD5: d1a2cb6aa1ce2ba46204c77db1307757
SHA-256: 4cb3200a7e2f3a4de785d73f0176fd2c8a29c28d683c42b66a2211abe38d2592
keyutils-libs-1.4-3.el6.ppc64.rpm
File outdated by:  RHEA-2012:0963
    MD5: bc0d4d90cfd98dc2998229b332ec1b1b
SHA-256: 881406a624952a92a92217fa690798c8aff34fdb933efb7ac07bea1bb82b5d6b
keyutils-libs-devel-1.4-3.el6.ppc.rpm
File outdated by:  RHEA-2012:0963
    MD5: 8a03ddc0abf2a5af030beb5be321cd2a
SHA-256: a1495005e0c2ceff3179d73b402d6a715637da7a72645c8d69a21d307972db87
keyutils-libs-devel-1.4-3.el6.ppc64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 568e5f47af97c8b2a180dc7ecaa4fda4
SHA-256: 156d6f8eb647084f7c69cdea11799a1763873620055aed90fb9ac6f0f10df0a9
 
s390x:
keyutils-1.4-3.el6.s390x.rpm
File outdated by:  RHEA-2012:0963
    MD5: f561d391785f9fb12f01781f2293a74f
SHA-256: 84b8dc9b594dbd4aa57a4b64b74f4044d553b3fda5bf7e586c246473e9d7d611
keyutils-debuginfo-1.4-3.el6.s390.rpm
File outdated by:  RHEA-2012:0963
    MD5: e1fff4b95bd5e38b2eb3627df7562174
SHA-256: fdfe5d68fdc5680762bcc7c8c4ae49d083db4f2f3fe60ad5828ec6c9edfe97c5
keyutils-debuginfo-1.4-3.el6.s390x.rpm
File outdated by:  RHEA-2012:0963
    MD5: e52fb0870bdaa811b7914a1d05fb7e68
SHA-256: 286936867c4ddd5fc3641b1795f34828dec1e0d3c73b96221e77101167b0a2af
keyutils-libs-1.4-3.el6.s390.rpm
File outdated by:  RHEA-2012:0963
    MD5: 661362a82f66ab5f892db423394679f2
SHA-256: c4cb4b3eadd50a9c049f250447e99facdd449fc44defcea94d406c9faf9c1c95
keyutils-libs-1.4-3.el6.s390x.rpm
File outdated by:  RHEA-2012:0963
    MD5: 58c57f16212869eeafa5d348a465cdc3
SHA-256: e36212c430e924da072fd69efc1ebc8f6dbfac453a7cd65598cadb5ad186493b
keyutils-libs-devel-1.4-3.el6.s390.rpm
File outdated by:  RHEA-2012:0963
    MD5: 45f46cc50aad5ca89930d9b0996a3ca0
SHA-256: f393741a2885b5f1a9e8bce3ac42a1d830c556470ce5a9d148b92d27218d81c0
keyutils-libs-devel-1.4-3.el6.s390x.rpm
File outdated by:  RHEA-2012:0963
    MD5: 00d07e56ba597e2754d96034e53254aa
SHA-256: 935bbec4f8ab2bc1485c4a194e75421388295adbdb7817f25ae7c4563e09e198
 
x86_64:
keyutils-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7b4958486a0def1ede3322f09441a8c9
SHA-256: 73a24008dd142c6c83d8838c6e6885dcf2713356656f886bb304768b4526239a
keyutils-debuginfo-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 5868dacdf815394c0a94b959419a9a8c
SHA-256: 8a36222949ab921142d99f420f5e457563459d7c623f933738f2735b99db1ee6
keyutils-debuginfo-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7e5b1bf25ad00eaa7e21e0342e7aae0e
SHA-256: 1a69d76af9b3c9c2b7c22332d943b08e2e22589d6a7886ff88b03f3e06fadcc0
keyutils-libs-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 82abf5e21b08b69eba32ed3da09769d4
SHA-256: e47993d629398cd08b354556f7e54bb294529e919ff64b276822d3579985fa54
keyutils-libs-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 6cde382d0e353463635747469875ef2b
SHA-256: 0a0ee99dc650e19a11442d48c2251922a3c34c448777d6371f443ac8b89946fe
keyutils-libs-devel-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: c1facbd4b1ce9faa55bec2276155bff3
SHA-256: 06d759fad1b24548727432b1036f0afca68449630dd66776493ce394e8e9d168
keyutils-libs-devel-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 676cb782dfbc77997da02afce37c6f35
SHA-256: 30c7a9ebc526c1060cfa1d8ae835aaef667365539bca4c08cd6b824cf1e07d5d
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
keyutils-1.4-3.el6.src.rpm
File outdated by:  RHEA-2012:0963
    MD5: b6acb6ef634b566ed6e9eacd772c6fa6
SHA-256: 9d9b9242001223cf40d599e4e527825799dfcbfe4e6b9054548c07c574f7bc80
 
IA-32:
keyutils-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: b3bf701fc750d3e5a1797d2c5e5e9845
SHA-256: 09c123260fee13e6362a702eb70f7953cf877587d2e8e524c4fa08c818d6a23b
keyutils-debuginfo-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 5868dacdf815394c0a94b959419a9a8c
SHA-256: 8a36222949ab921142d99f420f5e457563459d7c623f933738f2735b99db1ee6
keyutils-libs-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 82abf5e21b08b69eba32ed3da09769d4
SHA-256: e47993d629398cd08b354556f7e54bb294529e919ff64b276822d3579985fa54
keyutils-libs-devel-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: c1facbd4b1ce9faa55bec2276155bff3
SHA-256: 06d759fad1b24548727432b1036f0afca68449630dd66776493ce394e8e9d168
 
x86_64:
keyutils-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7b4958486a0def1ede3322f09441a8c9
SHA-256: 73a24008dd142c6c83d8838c6e6885dcf2713356656f886bb304768b4526239a
keyutils-debuginfo-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 5868dacdf815394c0a94b959419a9a8c
SHA-256: 8a36222949ab921142d99f420f5e457563459d7c623f933738f2735b99db1ee6
keyutils-debuginfo-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 7e5b1bf25ad00eaa7e21e0342e7aae0e
SHA-256: 1a69d76af9b3c9c2b7c22332d943b08e2e22589d6a7886ff88b03f3e06fadcc0
keyutils-libs-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: 82abf5e21b08b69eba32ed3da09769d4
SHA-256: e47993d629398cd08b354556f7e54bb294529e919ff64b276822d3579985fa54
keyutils-libs-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 6cde382d0e353463635747469875ef2b
SHA-256: 0a0ee99dc650e19a11442d48c2251922a3c34c448777d6371f443ac8b89946fe
keyutils-libs-devel-1.4-3.el6.i686.rpm
File outdated by:  RHEA-2012:0963
    MD5: c1facbd4b1ce9faa55bec2276155bff3
SHA-256: 06d759fad1b24548727432b1036f0afca68449630dd66776493ce394e8e9d168
keyutils-libs-devel-1.4-3.el6.x86_64.rpm
File outdated by:  RHEA-2012:0963
    MD5: 676cb782dfbc77997da02afce37c6f35
SHA-256: 30c7a9ebc526c1060cfa1d8ae835aaef667365539bca4c08cd6b824cf1e07d5d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

727280 - Request to recompile libraries with -Wl,-z,relro flags
730002 - The keyutils subpackage should depend on the keyutils-libs subpackage



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/