SupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

7.4. RHEA-2013:1626 — new packages: p11-kit

New p11-kit packages are now available for Red Hat Enterprise Linux 6.
The p11-kit package provides a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files.
This enhancement update adds the p11-kit packages to Red Hat Enterprise Linux 6. (BZ#915798)
* Red Hat Enterprise Linux 6.5 provides the p11-kit package to implement the Shared System Certificates feature. If enabled by the administrator, it ensures system-wide trust store of static data that is used by crypto toolkits as input for certificate trust decisions. (BZ#977886)
These new packages had several bugs fixed during testing:
* Support for using the freebl3 library for the SHA1 and MD5 cryptographic hash functions has been added even though the hashing is done in a strictly non-cryptographic context. (BZ#983384)
* All file handles opened by p11-kit are created with the O_CLOEXEC flag, so that they are automatically closed on the execve() function and do not leak to subprocesses. (BZ#984986)
* When expanding the "$HOME" variable or the "~/" path for SUID and SGID programs, the expand_home() function returns NULL. This change allows for avoiding vulnerabilities that could occur if SUID or SGID programs accidentally trusted this environment. Also, documentation concerning the fact that user directories are not read for SUID/SGID programs has been added. (BZ#985014)
* Users need to use the standard environment $TMPDIR variable for locating the temp directory. (BZ#985017)
* If a critical module fails to initialize, module initialization stops and the user is informed about the failure. (BZ#985023)
* The p11_kit_space_strlen() function returns a "0" value for empty strings. (BZ#985416)
* Arguments of the size_t variable are correctly passed to the "p11_hash_xxx" functions. (BZ#985421)
* Changes in the code ensures that the memdup() function is not called with a zero length or NULL pointers. (BZ#985433)
All users who require the Shared System Certificates feature are advised to install these new packages.
Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.