Skip to navigation

Bug Fix Advisory certmonger bug fix update

Advisory: RHBA-2011:1238-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-08-31
Last updated on: 2011-08-31
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated certmonger package is now available for Red Hat Enterprise Linux 6.

The certmonger service monitors certificates, warning of their impending
expiration, and optionally attempting to re-enroll with supported CAs
(Certificate Authorities).

This update fixes the following bug:

* When submitting a signing request to a Red Hat IPA (Identity, Policy, Audit)
CA, certmonger is expected to authenticate using the client's host credentials,
and to delegate the client's credentials to the server. Recent updates to
libraries on which certmonger depends changed delegation of client credentials
from a mandatory operation to an optional operation that is no longer enabled by
default, which effectively broke certmonger's support for IPA CAs.

This update gives certmonger the ability to explicitly request credential
delegation when used with newer versions of these libraries, which introduce an
API that allows certmonger to explicitly request that credential delegation be
performed. (BZ#729803)

All certmonger users should upgrade to this updated package, which fixes this
bug.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
certmonger-0.42-1.el5_7.1.src.rpm
File outdated by:  RHBA-2012:0245
    MD5: a77455e66dab3070daf47d06828f977c
SHA-256: 63658a0d6051da8de5c9f494a571117de0cbfb774f15604de6f823af9718777a
 
IA-32:
certmonger-0.42-1.el5_7.1.i386.rpm
File outdated by:  RHBA-2012:0245
    MD5: 5ebc02455610404df60938e210f23dec
SHA-256: 09cf02efa6eef89bb88e48d04f3fb2fd3cda7f888ee6d4472a9571befaaf54a5
 
IA-64:
certmonger-0.42-1.el5_7.1.ia64.rpm
File outdated by:  RHBA-2012:0245
    MD5: 3e1b22d7bc52a60528f3a310db61cd6d
SHA-256: c23cfcd3558046d09325cb9382411c17017241441a02b7ebd3364d47834fd0bb
 
PPC:
certmonger-0.42-1.el5_7.1.ppc.rpm
File outdated by:  RHBA-2012:0245
    MD5: 3df5ca8645fe74882f7a92f0d557688d
SHA-256: 741d06d529cb9d7d9be73f6921916f6648af2f759098e1e9552d42e5c96476dc
 
s390x:
certmonger-0.42-1.el5_7.1.s390x.rpm
File outdated by:  RHBA-2012:0245
    MD5: 2c4365957b07491b5dda01b0935d1e30
SHA-256: 99643c879efad322a453c9235ff3332ecaf4c185f16abf68c71b259b019483aa
 
x86_64:
certmonger-0.42-1.el5_7.1.x86_64.rpm
File outdated by:  RHBA-2012:0245
    MD5: 0cb876e4335cfc76feffc80f1b08aa01
SHA-256: e78d3badea62b04cd88001274a2374cd6dc88e37c692257ae5afee8719ed8c1e
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
certmonger-0.42-1.el5_7.1.src.rpm
File outdated by:  RHBA-2012:0245
    MD5: a77455e66dab3070daf47d06828f977c
SHA-256: 63658a0d6051da8de5c9f494a571117de0cbfb774f15604de6f823af9718777a
 
IA-32:
certmonger-0.42-1.el5_7.1.i386.rpm
File outdated by:  RHBA-2012:0245
    MD5: 5ebc02455610404df60938e210f23dec
SHA-256: 09cf02efa6eef89bb88e48d04f3fb2fd3cda7f888ee6d4472a9571befaaf54a5
 
x86_64:
certmonger-0.42-1.el5_7.1.x86_64.rpm
File outdated by:  RHBA-2012:0245
    MD5: 0cb876e4335cfc76feffc80f1b08aa01
SHA-256: e78d3badea62b04cd88001274a2374cd6dc88e37c692257ae5afee8719ed8c1e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

729803 - Add support for new xmlrpc-c API to do GSSAPI delegation


Keywords

delegation, gssapi


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/