- Issued:
- 2010-06-01
- Updated:
- 2010-06-01
RHBA-2010:0448 - Bug Fix Advisory
Synopsis
esc bug fix update
Type/Severity
Bug Fix Advisory
Topic
A new esc package is available for Red Hat Certificate System. This new
package provides functionality on the Mac OS X Leopard platform.
Description
Red Hat Certificate System (RHCS) manages enterprise public key
infrastructure (PKI) deployments. The esc package contains the Smart Card
Manager GUI tool, which allows users to manage security smart cards. The
primary function of the tool is to enroll smart cards, so that they can be
used for common cryptographic operations, such as secure email and website
access. On Mac OS X 10.5.x systems, this package also provides the smart
card functionality required to interact with applications such as the
Safari web browser and Apple Mail mail client.
The new package fixes the following bugs on the Mac OS X platform:
- When an enrolled smart card was inserted into the computer, the CoolKey
TokenD (the token daemon) would not successfully launch. This daemon is
what allows Apple's Safari browser and Apple Mail client to communicate
with CoolKey smart cards. (BZ#230764)
- The special security officer mode of esc did not function on Mac.
Security officer mode allows designated users to perform in-person token
enrollments, as added security. (BZ#236795)
- If a user deployed an enrolled CoolKey token to visit secure sites in
Safari or used the token with Apple Mail to send encrypted mail, the
CoolKey token daemon required the user to type in the token's PIN value
every time the smart card was accessed because the PIN wasn't being cached
properly. (BZ#239891)
- The CoolKey token daemon was confused with the pre-installed Apple token
daemons when an enrolled token was inserted. This resulted in sporadic or
missing access to the CoolKey smart card features when using Safari or
Apple Mail. (BZ#369011)
- The previous release of esc for Mac OS X was not compatible with Mac OS X
10.5 Leopard. This meant that CoolKey smart cards could not be enrolled on
Mac. (BZ#369031)
- The CoolKey PKCS#11 module, shipped with esc, had problems functioning
fully on Mac OS X 10.5 Leopard. This resulted in problems using esc to
manage tokens and problems actually using the cards for cryptographic
operations. (BZ#403571)
- If a user wanted to enroll and deploy smart cards with 2048-bit keys,
the standard cryptographic functions expected of smart cards were not
possible. For instance, an encrypted email could not be sent with 2048-bit
keys. (BZ#455340)
Solution
Before installing this new package, make sure all previously released errata
relevant to your system have been applied.
Affected Products
- Red Hat Certificate System 8 x86_64
- Red Hat Certificate System 8 i386
Fixes
- BZ - 239891 - Prompt for CoolKey PIN once per application (in tokend)
- BZ - 369011 - Tokend fails on OS X Leopard.
- BZ - 369031 - ESC incompatible with OS X Leopard
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.