Skip to navigation

Bug Fix Advisory certmonger bug fix and enhancement update

Advisory: RHBA-2011:1002-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated certmonger package that fixes multiple bugs and adds several
enhancements is now available for Red Hat Enterprise Linux 5.

The certmonger package contains a service which is primarily concerned with
getting your system enrolled with a certificate authority (CA) and keeping it
enrolled.

The certmonger package has been upgraded to upstream version 0.42, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#688610)

Additionally, this update fixes the following bugs:

* Previously, when issuing a request for a certificate to an IPA server, if the
IPA server returned an error, the ipa-submit helper process terminated
unexpectedly while attempting to parse the error in order to report it. The bug
has been fixed in this update, and the error is now recorded properly.
(BZ#690892)

* Previously, if certmonger did not track any certificates, the output of the
"ipa-getcert list" command was empty. This undesired behavior has been fixed so
that after running the command, the number of the certificates tracked is now
displayed as well as any certificate entries, if they exist. (BZ#681642)

* Previously, when the service attempted to save a certificate to a certificate
database, if there was already a certificate in the database with the desired
nickname assigned to it but which had a different value in its "subject name"
field, the attempt to save the new certificate to the database failed. This bug
has been fixed in this update so that any certificates that are already in the
certificate database which have the desired nickname are now cleared out before
attempting to store a new certificate, and storing the new certificate no longer
fails. (BZ#695717)

* Previously, when a non-root user ran the "ipa-getcert" command, an unclear and
ambiguous error message about insufficient user rights to run the command was
displayed. This update improves the error message text so that it is now clear
and straightforward. (BZ#681641)

* Previously, building the certmonger package failed due to a problem with
self-tests. This problem has been resolved and does not occur anymore.
(BZ#670322)

All users requiring certmonger should upgrade to this updated package, which
fixes these bugs and adds several enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
certmonger-0.42-1.el5.src.rpm
File outdated by:  RHBA-2012:0245
    MD5: 48ac6eab76a58a85622dc7e312aeb438
SHA-256: c32ad813c169afb97d86f831b8ee773aa5f53fb1f7cfce95aafb8355204becc8
 
IA-32:
certmonger-0.42-1.el5.i386.rpm
File outdated by:  RHBA-2012:0245
    MD5: a383809163318b15d0f7411c080aa9c3
SHA-256: 4e258e186a67e1dd63b0a9075467de0d143a9b23bda0be9e0cf26b469e41af97
 
IA-64:
certmonger-0.42-1.el5.ia64.rpm
File outdated by:  RHBA-2012:0245
    MD5: c5f71a9f4c33bb902f0b793838de58af
SHA-256: fee0e5c154ab03752e88c39e6351e63de8487e45d1f481837a9ebe765b2f6eb7
 
PPC:
certmonger-0.42-1.el5.ppc.rpm
File outdated by:  RHBA-2012:0245
    MD5: 6132d9a215fb3e4900c01e53ddde172f
SHA-256: 6df235d9816dcdfb43f3ba92a0c9aaaa68ec488689c57a1934d9cc4a7cb49fd4
 
s390x:
certmonger-0.42-1.el5.s390x.rpm
File outdated by:  RHBA-2012:0245
    MD5: 563f40d1d889e09563372b0a7d83246d
SHA-256: 0e0c260e86208873350e2f45f0c567ca46ded7e50398c27ea91e183e400dfa23
 
x86_64:
certmonger-0.42-1.el5.x86_64.rpm
File outdated by:  RHBA-2012:0245
    MD5: 3f6d5f4f669dfafec3a6f53369e32ec4
SHA-256: a230eabd07f7a3f8846ebf67f9631c4098db73d10f773ab167b86847679299b5
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
certmonger-0.42-1.el5.src.rpm
File outdated by:  RHBA-2012:0245
    MD5: 48ac6eab76a58a85622dc7e312aeb438
SHA-256: c32ad813c169afb97d86f831b8ee773aa5f53fb1f7cfce95aafb8355204becc8
 
IA-32:
certmonger-0.42-1.el5.i386.rpm
File outdated by:  RHBA-2012:0245
    MD5: a383809163318b15d0f7411c080aa9c3
SHA-256: 4e258e186a67e1dd63b0a9075467de0d143a9b23bda0be9e0cf26b469e41af97
 
x86_64:
certmonger-0.42-1.el5.x86_64.rpm
File outdated by:  RHBA-2012:0245
    MD5: 3f6d5f4f669dfafec3a6f53369e32ec4
SHA-256: a230eabd07f7a3f8846ebf67f9631c4098db73d10f773ab167b86847679299b5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

670322 - certmonger can't be rebuild in mock
681641 - Unhelpful message from ipa-getcert
681642 - No output from ipa-getcert list



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/