- Issued:
- 2009-11-25
- Updated:
- 2009-11-25
RHBA-2009:1602 - Bug Fix Advisory
Synopsis
pki-util, pki-silent, pki-common-ui, pki-common, jss, tomcatjss bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated pki-util, pki-silent, pki-common, pki-common-ui, jss, and tomcatjss
packages are now available for Red Hat Certificate System 8.0. These new
packages fix several bugs and add functionality to select signature digest
algorithms (like SHA256 and SHA512) for RSA and ECC.
Description
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise public key infrastructure (PKI) deployments.
These updated packages provide fixes for the following bugs:
- The DRM and TKS did not have CRL checking enabled. (BZ#529945)
- The silent installer did set the subject name for the agent certificate
or audit signing certificate correctly.(BZ#531162)
In addition, these updated packages deliver support for administrators to
select signature digest algorithms for system certificates for both ECC and
RSA cipher families. These include SHA1withRSA, SHA256withRSA,
SHA512withRSA, SHA1withEC, SHA256withEC, SHA384withEC, SHA512withEC,
MD2withRSA, and MD5withRSA.
For CA subsystems, these signing algorithms can be selected when
configuring the subsystem using the configuration wizard. For other
subsystems, the system certificates assume the same algorithm as the CA
signing certificate. If this is not desired, instructions are provided
to specify other system certificate algorithms.
Support for specifying the signing algorithm has been extended to the
pki-silent silent installer as well as the configuration wizard.
Additional information on these changes can be found in BZ#528236 and
BZ#527593.
Users of Red Hat Certificate System should upgrade to these updated
packages, which resolve these issues.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.
This update is also available via Red Hat Network. Many people find this
an easier way to apply updates. To use Red Hat Network, launch the Red
Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Certificate System 8 x86_64
- Red Hat Certificate System 8 i386
Fixes
(none)CVEs
(none)
References
(none)
Red Hat Certificate System 8
SRPM | |
---|---|
jss-4.2.6-6.el5idm.src.rpm | SHA-256: 2084d67593f9e62cd1db565e3c31d6e9bebabd32bf57548edc865dc44ce18ccc |
pki-common-8.0.2-1.el5pki.src.rpm | SHA-256: 14a7712dd270bb437db36e9f65274575d82f00c6b67e4a67745b19ec7cc5fc8a |
pki-silent-8.0.2-3.el5pki.src.rpm | SHA-256: b301802e96dbcdbf713a4883d5ec07479f9662c71cd10c7b86bab8a748863637 |
pki-util-8.0.2-1.el5pki.src.rpm | SHA-256: 9e175459e8ab0ac26009792808605a006c9d98b852e3fe6a1be4f8bf143a9cf6 |
redhat-pki-common-ui-8.0.2-1.el5pki.src.rpm | SHA-256: c35891ef9cf7285a5128252aef3a6cc7b3d3acbdc95c0e95a74f5740947fba68 |
tomcatjss-1.1.1-2.el5idm.src.rpm | SHA-256: e0834637bdf7beb6d83e8ddf4aa4bc1be88b76add1d4e2d4d1f321e0ea202cb2 |
x86_64 | |
jss-4.2.6-6.el5idm.x86_64.rpm | SHA-256: ff0f083cfd4b872c2601cf40c91fc113a6f1ae85ba0e3cbbed88d54420593514 |
jss-javadoc-4.2.6-6.el5idm.x86_64.rpm | SHA-256: c90f7ea919f8d52fcd1c963b8a6b405e5e03c50c42b75100f640e2977a655a04 |
pki-common-8.0.2-1.el5pki.noarch.rpm | SHA-256: 4ba4c0c69c338180f6df1884f58630755c1b25c487d61bb53842567d6412e0b5 |
pki-common-javadoc-8.0.2-1.el5pki.noarch.rpm | SHA-256: 6c1a2b7a58e440c17946c75aeaf9ef0dbe8b6fcd13361a7c6d57fcb26b83e092 |
pki-silent-8.0.2-3.el5pki.noarch.rpm | SHA-256: b52d29b6a57dda4a32c3ff99d2a25e4ddfcb4a95e63d661f51315e8c277eadfb |
pki-util-8.0.2-1.el5pki.noarch.rpm | SHA-256: cc840b07f671fd3f27c7eb4f05710fef40e82497447832d0ee852d5813ddc70c |
pki-util-javadoc-8.0.2-1.el5pki.noarch.rpm | SHA-256: fd922d959c8add4a74f5e7c23a762d4555d904ef6d6addcef2048ce4e34b0689 |
redhat-pki-common-ui-8.0.2-1.el5pki.noarch.rpm | SHA-256: a9d4f6753f8b2adb2344d42f20519390f0367d5fbee97ca1e83261409f9fa763 |
tomcatjss-1.1.1-2.el5idm.noarch.rpm | SHA-256: b3eb4f826b1ff6496d04a863e936c580718c9e0d4331493b2587b7272bfe3098 |
i386 | |
jss-4.2.6-6.el5idm.i386.rpm | SHA-256: 88cfe1b3bea683c5ee5267fa732793abb2904d7cde852c69d0a7e597b9684ac5 |
jss-javadoc-4.2.6-6.el5idm.i386.rpm | SHA-256: 44d74ae40896f65843506bbc29103d3353c0277709c6f4c4615b4733aac2f585 |
pki-common-8.0.2-1.el5pki.noarch.rpm | SHA-256: 4ba4c0c69c338180f6df1884f58630755c1b25c487d61bb53842567d6412e0b5 |
pki-common-javadoc-8.0.2-1.el5pki.noarch.rpm | SHA-256: 6c1a2b7a58e440c17946c75aeaf9ef0dbe8b6fcd13361a7c6d57fcb26b83e092 |
pki-silent-8.0.2-3.el5pki.noarch.rpm | SHA-256: b52d29b6a57dda4a32c3ff99d2a25e4ddfcb4a95e63d661f51315e8c277eadfb |
pki-util-8.0.2-1.el5pki.noarch.rpm | SHA-256: cc840b07f671fd3f27c7eb4f05710fef40e82497447832d0ee852d5813ddc70c |
pki-util-javadoc-8.0.2-1.el5pki.noarch.rpm | SHA-256: fd922d959c8add4a74f5e7c23a762d4555d904ef6d6addcef2048ce4e34b0689 |
redhat-pki-common-ui-8.0.2-1.el5pki.noarch.rpm | SHA-256: a9d4f6753f8b2adb2344d42f20519390f0367d5fbee97ca1e83261409f9fa763 |
tomcatjss-1.1.1-2.el5idm.noarch.rpm | SHA-256: b3eb4f826b1ff6496d04a863e936c580718c9e0d4331493b2587b7272bfe3098 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.