Bug Fix Advisory coolkey bug fix and enhancement update

Advisory: RHBA-2013:1699-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-11-20
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated coolkey packages that fix several bugs and add one enhancement are now
available for Red Hat Enterprise Linux 6.

Coolkey is a smart card support library for the CoolKey, Common Access Card
(CAC), and Personal Identity Verification (PIV) smart cards.

This update fixes the following bugs:

* In previous versions, coolkey always created a bogus e-gate smart card reader
to avoid problems with Network Security Services (NSS) and the PC/SC Lite
framework when no smart card reader was available. However, e-gate smart cards
are no longer available for smart card authentication, and the NSS and pcsc-lite
packages have been updated to handle a situation with no e-gate reader attached.
Therefore, this bogus reader in coolkey became unnecessary and could cause
problems to some applications under certain circumstances. This update modifies
the respective code so that coolkey no longer creates a bogus e-gate smart card.
(BZ#806038)

* With a previous version of coolkey, some signature operations, such as PKINIT,
could fail on PIV endpoint cards that support both CAC and PIV interfaces. The
underlying coolkey code has been modified so these PIV endpoint cards now works
with coolkey as expected. (BZ#906537)

* The coolkey library registered only with the NSS DBM database, however, NSS
now uses also the SQLite database format, which is preferred. This update
modifies coolkey to register properly with both NSS databases. (BZ#991515)

In addition, this update adds the following enhancement:

* Support for tokens containing Elliptic Curve Cryptography (ECC) certificates
has been added to the coolkey packages so the coolkey library now works with ECC
provisioned cards. (BZ#951272)

Users of coolkey are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
coolkey-1.1.0-31.el6.src.rpm
File outdated by:  RHBA-2017:0776
    MD5: 28630ed8664126fa161e79825ffd337b
SHA-256: a90c0b781f4be39a1be3ab5d08e59130ffe709a239423df243ed0301bf1faaf3
 
IA-32:
coolkey-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: 5a0dfe57ba98f2e432293c927956d466
SHA-256: 65aa6644ba0173926dff023d144046d45393b442907b84f147a5b63398a2fabd
coolkey-debuginfo-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: df991a7b653efc65038b43a63c75cf14
SHA-256: 9ca73fe7a85c4d5262ea9d334d890aa7846d0566cd5f43b1588a7d92b71e3d7e
coolkey-devel-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: ca03862fa3c72485655ee55ba1b4f4d5
SHA-256: 1615c81cd214f2a23787c5b6517cca9162b3c9015c6f545b89821b382bcc01b5
 
x86_64:
coolkey-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: 5a0dfe57ba98f2e432293c927956d466
SHA-256: 65aa6644ba0173926dff023d144046d45393b442907b84f147a5b63398a2fabd
coolkey-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 0991bd18fb2a8cc88e37fe849d899432
SHA-256: 347adc24be74c52363f312b12b0bc44bc6dc6ea53545fb369958481bf2ed0aef
coolkey-debuginfo-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: df991a7b653efc65038b43a63c75cf14
SHA-256: 9ca73fe7a85c4d5262ea9d334d890aa7846d0566cd5f43b1588a7d92b71e3d7e
coolkey-debuginfo-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 4213b0e5b965c534317ee737a5a9f854
SHA-256: f7eab29d480826a71080f4e9b0422f63f89220bb48a76734f93b40f86606318a
coolkey-devel-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: ca03862fa3c72485655ee55ba1b4f4d5
SHA-256: 1615c81cd214f2a23787c5b6517cca9162b3c9015c6f545b89821b382bcc01b5
coolkey-devel-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 63a720b05e8419f42aeb9f1eaf4fc8f6
SHA-256: c874f8d81f91bff802b62106b20b168cfcd2826ae7f44f7801ffe751daa8da90
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
coolkey-1.1.0-31.el6.src.rpm
File outdated by:  RHBA-2017:0776
    MD5: 28630ed8664126fa161e79825ffd337b
SHA-256: a90c0b781f4be39a1be3ab5d08e59130ffe709a239423df243ed0301bf1faaf3
 
IA-32:
coolkey-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: 5a0dfe57ba98f2e432293c927956d466
SHA-256: 65aa6644ba0173926dff023d144046d45393b442907b84f147a5b63398a2fabd
coolkey-debuginfo-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: df991a7b653efc65038b43a63c75cf14
SHA-256: 9ca73fe7a85c4d5262ea9d334d890aa7846d0566cd5f43b1588a7d92b71e3d7e
coolkey-devel-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: ca03862fa3c72485655ee55ba1b4f4d5
SHA-256: 1615c81cd214f2a23787c5b6517cca9162b3c9015c6f545b89821b382bcc01b5
 
PPC:
coolkey-1.1.0-31.el6.ppc.rpm
File outdated by:  RHBA-2017:0776
    MD5: 6c71e55704c39928b4ee0b525bc81ff4
SHA-256: 0085d39661ae45933ab104ca781c653c37921409d84a6a5e5af7d2c58251e063
coolkey-1.1.0-31.el6.ppc64.rpm
File outdated by:  RHBA-2017:0776
    MD5: ab469161de09ca78bf29ee6798c11581
SHA-256: af7fe9a0215a9a718a4b21b99f6fadca0c03d5dfabb1bd86f7645ce1ee6f8cb2
coolkey-debuginfo-1.1.0-31.el6.ppc.rpm
File outdated by:  RHBA-2017:0776
    MD5: a153205822df5b3387d9afe1c6ad9114
SHA-256: 028aeb47fc61ee2fffa76324e44e226280ba270d5eede43c4e4b2c5fe965dd0a
coolkey-debuginfo-1.1.0-31.el6.ppc64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 5146700a0c7c809180de905600bea900
SHA-256: f06d1146e003a4a82822ff324694390ad16ccb5b50a05815c77148593418bfe2
coolkey-devel-1.1.0-31.el6.ppc.rpm
File outdated by:  RHBA-2017:0776
    MD5: ae818cd98e4520304f132670ce2b7dfd
SHA-256: 8816713ffdf3ecfd60fb0213a68ab8e22d19332f605e51836de4bb1478c9e0bf
coolkey-devel-1.1.0-31.el6.ppc64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 570eacbbb2ebd9f0de6db9357ec17df7
SHA-256: 9de171467d8e08ef81663a8a5597f90fb2208e52bb92031840126080d007cf4d
 
x86_64:
coolkey-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: 5a0dfe57ba98f2e432293c927956d466
SHA-256: 65aa6644ba0173926dff023d144046d45393b442907b84f147a5b63398a2fabd
coolkey-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 0991bd18fb2a8cc88e37fe849d899432
SHA-256: 347adc24be74c52363f312b12b0bc44bc6dc6ea53545fb369958481bf2ed0aef
coolkey-debuginfo-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: df991a7b653efc65038b43a63c75cf14
SHA-256: 9ca73fe7a85c4d5262ea9d334d890aa7846d0566cd5f43b1588a7d92b71e3d7e
coolkey-debuginfo-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 4213b0e5b965c534317ee737a5a9f854
SHA-256: f7eab29d480826a71080f4e9b0422f63f89220bb48a76734f93b40f86606318a
coolkey-devel-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: ca03862fa3c72485655ee55ba1b4f4d5
SHA-256: 1615c81cd214f2a23787c5b6517cca9162b3c9015c6f545b89821b382bcc01b5
coolkey-devel-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 63a720b05e8419f42aeb9f1eaf4fc8f6
SHA-256: c874f8d81f91bff802b62106b20b168cfcd2826ae7f44f7801ffe751daa8da90
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
coolkey-1.1.0-31.el6.src.rpm
File outdated by:  RHBA-2017:0776
    MD5: 28630ed8664126fa161e79825ffd337b
SHA-256: a90c0b781f4be39a1be3ab5d08e59130ffe709a239423df243ed0301bf1faaf3
 
IA-32:
coolkey-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: 5a0dfe57ba98f2e432293c927956d466
SHA-256: 65aa6644ba0173926dff023d144046d45393b442907b84f147a5b63398a2fabd
coolkey-debuginfo-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: df991a7b653efc65038b43a63c75cf14
SHA-256: 9ca73fe7a85c4d5262ea9d334d890aa7846d0566cd5f43b1588a7d92b71e3d7e
coolkey-devel-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: ca03862fa3c72485655ee55ba1b4f4d5
SHA-256: 1615c81cd214f2a23787c5b6517cca9162b3c9015c6f545b89821b382bcc01b5
 
x86_64:
coolkey-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: 5a0dfe57ba98f2e432293c927956d466
SHA-256: 65aa6644ba0173926dff023d144046d45393b442907b84f147a5b63398a2fabd
coolkey-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 0991bd18fb2a8cc88e37fe849d899432
SHA-256: 347adc24be74c52363f312b12b0bc44bc6dc6ea53545fb369958481bf2ed0aef
coolkey-debuginfo-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: df991a7b653efc65038b43a63c75cf14
SHA-256: 9ca73fe7a85c4d5262ea9d334d890aa7846d0566cd5f43b1588a7d92b71e3d7e
coolkey-debuginfo-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 4213b0e5b965c534317ee737a5a9f854
SHA-256: f7eab29d480826a71080f4e9b0422f63f89220bb48a76734f93b40f86606318a
coolkey-devel-1.1.0-31.el6.i686.rpm
File outdated by:  RHBA-2017:0776
    MD5: ca03862fa3c72485655ee55ba1b4f4d5
SHA-256: 1615c81cd214f2a23787c5b6517cca9162b3c9015c6f545b89821b382bcc01b5
coolkey-devel-1.1.0-31.el6.x86_64.rpm
File outdated by:  RHBA-2017:0776
    MD5: 63a720b05e8419f42aeb9f1eaf4fc8f6
SHA-256: c874f8d81f91bff802b62106b20b168cfcd2826ae7f44f7801ffe751daa8da90
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1002222 - Screen Lock when Smart Card is removed fails
1005334 - Unable to login using smart card after adding the coolkey module to /etc/pki/nssdb
1013658 - Brand new applet-less cards not recognized.
806038 - Coolkey always creates a phantom EGate reader even when no reader exists.
906537 - CAC card ( Gemalto GCX4 72k) shows invalid-signature message during pkinit
991515 - Coolkey not registered in /etc/pki/nssdb/pkcs11.txt



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/