Enhancement Advisory new packages: p11-kit

Advisory: RHEA-2013:1626-1
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2013-11-20
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

New p11-kit packages are now available for Red Hat Enterprise Linux 6.

The p11-kit package provides a mechanism to manage PKCS#11 modules. The
p11-kit-trust subpackage includes a PKCS#11 trust module that provides
certificate anchors and black lists based on configuration files.

This enhancement update adds the p11-kit packages to Red Hat Enterprise Linux 6.
(BZ#915798)

* Red Hat Enterprise Linux 6.5 provides the p11-kit package to implement
the Shared System Certificates feature. If enabled by the administrator,
it ensures system-wide trust store of static data that is used by crypto
toolkits as input for certificate trust decisions. (BZ#977886)

These new packages had several bugs fixed during testing:

* Support for using the freebl3 library for the SHA1 and MD5 cryptographic hash
functions has been added even though the hashing is done in a strictly
non-cryptographic context. (BZ#983384)

* All file handles opened by p11-kit are created with the O_CLOEXEC
flag, so that they are automatically closed on the execve() function and
do not leak to subprocesses. (BZ#984986)

* When expanding the "$HOME" variable or the "~/" path for SUID and SGID
programs, the expand_home() function returns NULL. This change allows for
avoiding vulnerabilities that could occur if SUID or SGID programs accidentally
trusted this environment. Also, documentation concerning the fact that user
directories are not read for SUID/SGID programs has been added. (BZ#985014)

* Users need to use the standard environment $TMPDIR variable for locating the
temp directory. (BZ#985017)

* If a critical module fails to initialize, module initialization stops and the
user is informed about the failure. (BZ#985023)

* The p11_kit_space_strlen() function returns a "0" value for empty strings.
(BZ#985416)

* Arguments of the size_t variable are correctly passed to the "p11_hash_xxx"
functions. (BZ#985421)

* Changes in the code ensures that the memdup() function is not called with a
zero length or NULL pointers. (BZ#985433)

All users who require the Shared System Certificates feature are advised
to install these new packages.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
p11-kit-0.18.5-2.el6.src.rpm
File outdated by:  RHBA-2014:0098
    MD5: 4d5b5c2ef305f80acb4fc6ced6d795ed
SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
 
IA-32:
p11-kit-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 2bce407750b7ce0677bf194bd232e19c
SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: ac1dc143d5130aedc8961dd5533986a3
SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-devel-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 1ad05e9d0db1ef8a9f2a44844b0199e0
SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-trust-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0c2fb7fafe230f6fa6527b4ac0de1fe4
SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
 
x86_64:
p11-kit-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 2bce407750b7ce0677bf194bd232e19c
SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 9314bd763a80feb2b986e230649c11bd
SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: ac1dc143d5130aedc8961dd5533986a3
SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: b0e669a7f853cf2e99e8638728671774
SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 1ad05e9d0db1ef8a9f2a44844b0199e0
SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 773f6bac71280c99d57604a30dc5c85a
SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0c2fb7fafe230f6fa6527b4ac0de1fe4
SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 6ee35b23d756ee81b64ff9817f4296a3
SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
p11-kit-0.18.5-2.el6.src.rpm
File outdated by:  RHBA-2014:0098
    MD5: 4d5b5c2ef305f80acb4fc6ced6d795ed
SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
 
x86_64:
p11-kit-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 2bce407750b7ce0677bf194bd232e19c
SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 9314bd763a80feb2b986e230649c11bd
SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: ac1dc143d5130aedc8961dd5533986a3
SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: b0e669a7f853cf2e99e8638728671774
SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 1ad05e9d0db1ef8a9f2a44844b0199e0
SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 773f6bac71280c99d57604a30dc5c85a
SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0c2fb7fafe230f6fa6527b4ac0de1fe4
SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 6ee35b23d756ee81b64ff9817f4296a3
SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
p11-kit-0.18.5-2.el6.src.rpm
File outdated by:  RHBA-2014:0098
    MD5: 4d5b5c2ef305f80acb4fc6ced6d795ed
SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
 
IA-32:
p11-kit-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 2bce407750b7ce0677bf194bd232e19c
SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: ac1dc143d5130aedc8961dd5533986a3
SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-devel-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 1ad05e9d0db1ef8a9f2a44844b0199e0
SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-trust-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0c2fb7fafe230f6fa6527b4ac0de1fe4
SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
 
PPC:
p11-kit-0.18.5-2.el6.ppc.rpm
File outdated by:  RHBA-2014:0098
    MD5: 6c26aa0adbdf5d93da97b411adbd2c67
SHA-256: c8b15e21513388ee4952f544a38e0090a790b7e89b71ac52832f12a053ab2076
p11-kit-0.18.5-2.el6.ppc64.rpm
File outdated by:  RHBA-2014:0098
    MD5: fd23c7ecc61ecf62fa363bd68d33aee8
SHA-256: 2228fe003f8531e23ae44c1a97733507763617f87b017684bc3b10157c27d595
p11-kit-debuginfo-0.18.5-2.el6.ppc.rpm
File outdated by:  RHBA-2014:0098
    MD5: 91840cfa992d2c2d3a85b2d27820785d
SHA-256: 3f1c2fc1d7a15139a0c3e6764df503cc68f7228aefceb62926d576d62c49dfb7
p11-kit-debuginfo-0.18.5-2.el6.ppc64.rpm
File outdated by:  RHBA-2014:0098
    MD5: e5b51c957887c84cab4ac03be785eb78
SHA-256: 6fadb8f42e964dc76fc614bae1411dc6157f3a8779c104837830d59c753232ff
p11-kit-devel-0.18.5-2.el6.ppc.rpm
File outdated by:  RHBA-2014:0098
    MD5: 6a2253e01d3f1316c7700188f9254a35
SHA-256: 1a20d33fcbfcfdffe1a8bda00f28da228368487a6d74a01f70af7ccc1046894a
p11-kit-devel-0.18.5-2.el6.ppc64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 8d095c4e526292868f2359f32d922a04
SHA-256: c7dbf2fbb0e0b52b6b5460cde2d4ba577c4df80e75d407c68793aa76c924b785
p11-kit-trust-0.18.5-2.el6.ppc64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 7f8d6917495d8f78dd0c1b551c4c8d2d
SHA-256: ded238ffac6987fda43d1478621b6f11cfa6cf3651972014d80c78e41c87f9e8
 
s390x:
p11-kit-0.18.5-2.el6.s390.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0f04297e6efabc8ca4cd67ad63467dd5
SHA-256: 79fffe2a84da8f7b526d77244b5d5a1fe6a206260de66665ef1924b68fc4571f
p11-kit-0.18.5-2.el6.s390x.rpm
File outdated by:  RHBA-2014:0098
    MD5: 6f462d15310cc5b0e2d2e8a59d653a31
SHA-256: 846f76b8cfa1e039e11b5660de4684032286f8a49d5d5576cdf4423fadf98cd2
p11-kit-debuginfo-0.18.5-2.el6.s390.rpm
File outdated by:  RHBA-2014:0098
    MD5: 4babf16d6eee001c1d50f9ed19205ce3
SHA-256: 66b45b33e88c1edfcd71d30ab44baffac86fe2b8f33d8063d1ff9b3dfbf4778c
p11-kit-debuginfo-0.18.5-2.el6.s390x.rpm
File outdated by:  RHBA-2014:0098
    MD5: 77fd9569e4840172267f427fc8960cf8
SHA-256: a4f9d9fad5c69263f2565768b1267ad07665825d1319ae1399791df3f8e30800
p11-kit-devel-0.18.5-2.el6.s390.rpm
File outdated by:  RHBA-2014:0098
    MD5: 5c59d1017574bb3905a1dff4869bab7a
SHA-256: bc7bc3c388811190ccff61018e441e4bc31927c843c3c36d8e94dc2f4c53967b
p11-kit-devel-0.18.5-2.el6.s390x.rpm
File outdated by:  RHBA-2014:0098
    MD5: 530b3cde98fbebf389273c5c2a79cf04
SHA-256: cfdafababca364be6db8b688d6e68a18ffb98cca7464e2333eaac3c4a9e8a436
p11-kit-trust-0.18.5-2.el6.s390x.rpm
File outdated by:  RHBA-2014:0098
    MD5: 033bb19cb6bb41de3c60bcbf010a26e7
SHA-256: 2abd6ef4220cde52176b0cbbdfced4e7a044b3f1f8b095c8875707f6082d66db
 
x86_64:
p11-kit-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 2bce407750b7ce0677bf194bd232e19c
SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 9314bd763a80feb2b986e230649c11bd
SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: ac1dc143d5130aedc8961dd5533986a3
SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: b0e669a7f853cf2e99e8638728671774
SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 1ad05e9d0db1ef8a9f2a44844b0199e0
SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 773f6bac71280c99d57604a30dc5c85a
SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0c2fb7fafe230f6fa6527b4ac0de1fe4
SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 6ee35b23d756ee81b64ff9817f4296a3
SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
p11-kit-0.18.5-2.el6.src.rpm
File outdated by:  RHBA-2014:0098
    MD5: 4d5b5c2ef305f80acb4fc6ced6d795ed
SHA-256: 40043e3490219bd6fa4f318004397230fac753a7538903915588991c023b1200
 
IA-32:
p11-kit-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 2bce407750b7ce0677bf194bd232e19c
SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: ac1dc143d5130aedc8961dd5533986a3
SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-devel-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 1ad05e9d0db1ef8a9f2a44844b0199e0
SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-trust-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0c2fb7fafe230f6fa6527b4ac0de1fe4
SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
 
x86_64:
p11-kit-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 2bce407750b7ce0677bf194bd232e19c
SHA-256: 468aeb766bf2b291175e750a48031ca62d6745fd8c1276ba07b8dbad20d1d249
p11-kit-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 9314bd763a80feb2b986e230649c11bd
SHA-256: a05d149d676963cdafe1f843dfee31e3d2df615671778c12071eaeaea8acbf39
p11-kit-debuginfo-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: ac1dc143d5130aedc8961dd5533986a3
SHA-256: 3376af72fa95ccca7c043a7ab97b6ae24497dafbe93358d09ee6d19dc8c8b1d2
p11-kit-debuginfo-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: b0e669a7f853cf2e99e8638728671774
SHA-256: 3dd337854352b92ca70784fc58df01f0d421bca1c421fbeff4b9e2c42bc90bd6
p11-kit-devel-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 1ad05e9d0db1ef8a9f2a44844b0199e0
SHA-256: 44a1e1c0b35cc3a5bc41fca55456a92d9eab906c48867adec7a30c1aaa8bbd7a
p11-kit-devel-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 773f6bac71280c99d57604a30dc5c85a
SHA-256: 813fd1ce691e1d24e0b6fb132c0d1137b4f42aba6d79fe17781556b7c4ef8112
p11-kit-trust-0.18.5-2.el6.i686.rpm
File outdated by:  RHBA-2014:0098
    MD5: 0c2fb7fafe230f6fa6527b4ac0de1fe4
SHA-256: c65359338ace36865bdab77123ac559dd2004cdabe4514334a10aef1d0f4b7c8
p11-kit-trust-0.18.5-2.el6.x86_64.rpm
File outdated by:  RHBA-2014:0098
    MD5: 6ee35b23d756ee81b64ff9817f4296a3
SHA-256: ff17cfe9eadbd89bd70bdac9efb0825428c01e21299ad85e7f95e3687b888b2e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

985017 - p11-kit: TEMP environment variable
985023 - p11-kit: _p11_kit_initialize_registered_unlocked_reentrant and module load failure
985416 - p11-kit: p11_kit_space_strlen returns wrong value for empty string
985421 - p11-kit: type mismatch in varargs
985433 - p11-kit: memdup inconsistent



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/