このコンテンツは選択した言語では利用できません。

7.4. RHEA-2013:1626 — new packages: p11-kit


New p11-kit packages are now available for Red Hat Enterprise Linux 6.
The p11-kit package provides a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files.
This enhancement update adds the p11-kit packages to Red Hat Enterprise Linux 6. (BZ#915798)
* Red Hat Enterprise Linux 6.5 provides the p11-kit package to implement the Shared System Certificates feature. If enabled by the administrator, it ensures system-wide trust store of static data that is used by crypto toolkits as input for certificate trust decisions. (BZ#977886)
These new packages had several bugs fixed during testing:
* Support for using the freebl3 library for the SHA1 and MD5 cryptographic hash functions has been added even though the hashing is done in a strictly non-cryptographic context. (BZ#983384)
* All file handles opened by p11-kit are created with the O_CLOEXEC flag, so that they are automatically closed on the execve() function and do not leak to subprocesses. (BZ#984986)
* When expanding the "$HOME" variable or the "~/" path for SUID and SGID programs, the expand_home() function returns NULL. This change allows for avoiding vulnerabilities that could occur if SUID or SGID programs accidentally trusted this environment. Also, documentation concerning the fact that user directories are not read for SUID/SGID programs has been added. (BZ#985014)
* Users need to use the standard environment $TMPDIR variable for locating the temp directory. (BZ#985017)
* If a critical module fails to initialize, module initialization stops and the user is informed about the failure. (BZ#985023)
* The p11_kit_space_strlen() function returns a "0" value for empty strings. (BZ#985416)
* Arguments of the size_t variable are correctly passed to the "p11_hash_xxx" functions. (BZ#985421)
* Changes in the code ensures that the memdup() function is not called with a zero length or NULL pointers. (BZ#985433)
All users who require the Shared System Certificates feature are advised to install these new packages.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.