검색

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

7.4. RHEA-2013:1626 — new packages: p11-kit

download PDF
New p11-kit packages are now available for Red Hat Enterprise Linux 6.
The p11-kit package provides a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files.
This enhancement update adds the p11-kit packages to Red Hat Enterprise Linux 6. (BZ#915798)
* Red Hat Enterprise Linux 6.5 provides the p11-kit package to implement the Shared System Certificates feature. If enabled by the administrator, it ensures system-wide trust store of static data that is used by crypto toolkits as input for certificate trust decisions. (BZ#977886)
These new packages had several bugs fixed during testing:
* Support for using the freebl3 library for the SHA1 and MD5 cryptographic hash functions has been added even though the hashing is done in a strictly non-cryptographic context. (BZ#983384)
* All file handles opened by p11-kit are created with the O_CLOEXEC flag, so that they are automatically closed on the execve() function and do not leak to subprocesses. (BZ#984986)
* When expanding the "$HOME" variable or the "~/" path for SUID and SGID programs, the expand_home() function returns NULL. This change allows for avoiding vulnerabilities that could occur if SUID or SGID programs accidentally trusted this environment. Also, documentation concerning the fact that user directories are not read for SUID/SGID programs has been added. (BZ#985014)
* Users need to use the standard environment $TMPDIR variable for locating the temp directory. (BZ#985017)
* If a critical module fails to initialize, module initialization stops and the user is informed about the failure. (BZ#985023)
* The p11_kit_space_strlen() function returns a "0" value for empty strings. (BZ#985416)
* Arguments of the size_t variable are correctly passed to the "p11_hash_xxx" functions. (BZ#985421)
* Changes in the code ensures that the memdup() function is not called with a zero length or NULL pointers. (BZ#985433)
All users who require the Shared System Certificates feature are advised to install these new packages.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.