- Issued:
- 2011-02-16
- Updated:
- 2011-02-16
RHBA-2011:0231 - Bug Fix Advisory
Synopsis
openCryptoki bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated openCryptoki packages that fix 3 bugs are now available for Red Hat
Enterprise Linux 4.
Description
The openCryptoki package contains the PKCS#11 Version 2.11 API implemented for
the IBM Crypto cards. This package includes support for the IBM 4758
Cryptographic CoProcessor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on IBM eServer System p).
This update fixes the following bugs:
- Previously, pkcsconf compared the re-entered PIN up to the length of the
already entered PIN. Due to this behavior, pkcsconf could consider a longer
re-entered PIN as the same as the first entered PIN. This update checks the
length of both PINs and their content. The entered and re-entered PINs are now
compared correctly. (BZ#415971)
- Previously, the file descriptor for spinlock files was not closed correctly
which led to exhaustion during runtime. Due to this behavior, lock files did not
close and a session could run out of file handles. This update closes the file
descriptor. Lock files are now correctly closed, and no more descriptor
exhaustion occurs. (BZ#430594)
- Previously, the pkcs11_startup script failed to start when there was no
hardware crypto device in the system. Due to this behavior, the use of software
crypto devices was not allowed. This update removes the explicit check for the
presence of hardware devices. (BZ#430643)
All users of openCryptoki are advised to upgrade to these updated packages,
which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
Fixes
(none)CVEs
(none)
References
(none)
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
openCryptoki-2.1.6-0.40.6.src.rpm | SHA-256: fb41b70e11229304c0d1b112a8d55684dcd0366c3d0abb3dd282854066e6af08 |
s390x | |
openCryptoki-2.1.6-0.40.6.s390.rpm | SHA-256: 059828de80358d305402948f35ce2b1c87d577458612dbc21a5c14ce0c95f674 |
openCryptoki-2.1.6-0.40.6.s390x.rpm | SHA-256: 0569143c689c93c8a4e9d20f1e08361280c744ad7dac5da93169e61df752722f |
s390 | |
openCryptoki-2.1.6-0.40.6.s390.rpm | SHA-256: 059828de80358d305402948f35ce2b1c87d577458612dbc21a5c14ce0c95f674 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.