Este contenido no está disponible en el idioma seleccionado.

Chapter 33. Security


CardOS 5.3 smart cards with ECDSA support work correctly in OpenSC

Previously, OpenSC did not correctly parse the ECDSA algorithm in the TokenInfo information provided by CardOS 5.3 smart cards. As a consequence, OpenSC did not detect these cards. The TokenInfo parser has been updated and now complies with the PKCS #15 specification. As a result, CardOS 5.3 smart cards with ECDSA support work correctly in OpenSC. (BZ#1562277)

Non-CCID-compliant smart card readers work in OpenSC

Certain smart card readers implement PIN pad functionality that does not follow the chip card interface device (CCID) specification. Previously, OpenSC detected the PIN pad of such smart card readers, but the reader could not be used with OpenSC. With this update, the PIN pad detection has been disabled in OpenSC by default. As a result, non-CCID-compliant smart card readers can be used, but without the PIN pad feature. (BZ#1547117)

The pkcs11-tool utility now supports mechanism IDs and handles ECDSA keys correctly

Previously, the pkcs11-tool utility incorrectly handled EC_POINT values and support for certain vendor-specific mechanisms was missing. As a consequence, these mechanisms and certain ECDSA keys in hardware security modules (HSM) and smart cards were not supported by pkcs11-tool. With this update, the pkcs11-tool now handles EC_POINT values and vendor-specific mechanisms correctly. As a result, the utility now supports mechanism IDs and handles ECDSA keys correctly. (BZ#1562572)

OpenSCAP RPM verification rules no longer work incorrectly with VM and container file systems

Previously, the rpminfo, rpmverify, and rpmverifyfile probes did not fully support offline mode. As a consequence, OpenSCAP RPM verification rules did not work correctly when scanning virtual machine (VM) and container file systems in offline mode. With this update, support for offline mode has been fixed, and results of scanning VM and container file systems in offline mode no longer contain false negatives. (BZ#1556988)

sudo no longer blocks poll() for /dev/ptmx

Previously, when running a command through sudo that had the I/O logging enabled, a parent process of the command was occasionally blocked in the poll() function execution, waiting for an event on the /dev/ptmx file descriptor. Consequently, a deadlock occurred and sudo might leave the process of the command in an unresponsive state. This update adds a pseudoterminal cleanup logic, and sudo no longer causes a deadlock in the described scenario. (BZ#1560657)
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.