manualshive.com logo in svg

Red Hat CERTIFICATE 7.3 RELEASE NOTES, Руководство по выпуску

Релизные заметки Red Hat Certificate 7.3 предоставляют пользователям подробное описание новых функций и улучшений. Скачайте бесплатное пользовательское руководство с manualshive.com и ознакомьтесь с последней версией продукта. Узнайте все возможности и обновления, чтобы эффективно использовать эту сертификацию в вашем бизнесе.

Поделиться
Скачать
background image

Release Notes

8

Bug

Description

Errata RHSA-2007-0829

1

Bug #239660

CVE-2007-2435 javaws vulnerabilities

Bug #250725

CVE-2007-2788 Integer overflow in the
embedded ICC profile image parser in Sun Java
Development Kit

Bug #250729

CVE-2007-2789 BMP image parser vulnerability

Bug #242595

CVE-2007-3004 Integer overflow in IBM JDK's
ICC profile parser

Bug #250733

CVE-2007-3005 Unspecified vulnerability in Sun
JRE

Bug #246765

CVE-2007-3503 HTML files generated with
Javadoc are vulnerable to a XSS

Bug #248864

CVE-2007-3655 A buffer overflow vulnerability in
Java Web Start URL parsing code

Bug #249533

CVE-2007-3922 Vulnerability in the Java
Runtime Environment May Allow an Untrusted
Applet to Circumvent Network Access
Restrictions

Errata RHSA-2010-0130

2

Bug #533125

CVE-2009-3555 TLS: MITM attacks via session
renegotiation

Table 2. CVEs Fixed in JRE/JDK Errata Updates

3.3.1.2. Installing the Required JRE and JDK on Red Hat Enterprise Linux 4

1. Download the 

java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4

 and 

java-1.5.0-ibm-

devel-1.5.0.11.1-1jpp.3.el4

 packages from the latest errata update, 

Errata

RHSA-2010-0130

3

.

2. Install the packages. For example, for the 32-bit packages:

rpm --Uvh java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.i386.rpm java-1.5.0-ibm-
devel-1.5.0.11.1-1jpp.3.el4.i386.rpm

3. Make sure that the IBM Java 1.5.0 is selected as the default JRE and the the IBM 5.0 JDK is

available:

/usr/sbin/alternatives ---config java

  

There are 2 programs which provide -'java'.

  Selection    Command
-----------------------------------------------
*+ 1           -/usr/lib/jvm/jre-1.5.0-ibm/bin/java
   2           -/usr/lib/jvm/jre-1.4.2-sun/bin/java

Enter to keep the current sel], or type selection number: 1

/usr/sbin/alternatives ---config javac

  

Содержание CERTIFICATE 7.3 RELEASE NOTES

Страница 1: ...e law Red Hat Red Hat Enterprise Linux the Shadowman logo JBoss MetaMatrix Fedora the Infinity Logo and RHCE are trademarks of Red Hat Inc registered in the United States and other countries Linux is the registered trademark of Linus Torvalds in the United States and other countries All other trademarks are the property of their respective owners 1801 Varsity Drive Raleigh NC 27606 2072 USA Phone ...

Страница 2: ...ed Hat Certificate System 1 New Features in Red Hat Certificate System 7 3 1 1 Registration Authority Red Hat Certificate System 7 3 supports a stand alone Registration Authority RA which supports the automatic issue of certificates to devices and servers The RA subsystem is a front end subsystem to the Certificate Authority CA and it performs local authentication requestor information gathering a...

Страница 3: ...Certificate Request is pending SCEP specifies two modes of operation RA mode CA mode In RA mode the enrollment request is encrypted with the RA signing certificate In CA mode the request is encrypted with the CA signing certificate The current Certificate System RA adn CA subsystems are implement so that SCEP is only supported in CA mode 1 3 Auto enrollment Proxy Red Hat Certificate System 7 3 sup...

Страница 4: ...S 4 for AMD64 and Intel EM64T Sun Solaris 9 for SPARC 64 bit 2 1 1 Server Requirements Component Details CPU Intel 2 0 GHz Pentium 4 or faster RAM 1 GB required Hard disk storage space Total is approximately 5 GB Total transient space required during installation 1 GB Hard disk storage space required for installation Space required to set up configure and run the server approximately 2 GB Addition...

Страница 5: ...oft Windows XP Professional i386 Red Hat Enterprise Linux AS 4 i386 Red Hat Enterprise Linux ES 4 i386 Red Hat Enterprise Linux AS 4 for AMD64 and Intel EM64T Red Hat Enterprise Linux ES 4 for AMD64 and Intel EM64T 2 3 Other Required Software Red Hat Directory Server 7 1 The source code and binaries for this component are available at https rhn redhat com through the Red Hat Directory Server 7 1 c...

Страница 6: ...e code for Red Hat Directory Server 7 1 is included with the ISO image downloaded for the 32 bit Red Hat Enterprise Linux version Red Hat Certificate System itself is not yet open source Red Hat Enterprise Linux systems can upgrade or download Red Hat Certificate System using up2date 3 2 Installation Notes Packages are non relocatable The Red Hat Certificate System base packages can not be install...

Страница 7: ...386 rpm JRE java 1 5 0 ibm devel 1 5 0 11 1 1jpp 3 el4 i386 rpm JDK These packages are recommended for 64 bit Red Hat Enterprise Linux systems java 1 5 0 ibm 1 5 0 11 1 1jpp 3 el4 1 x86_64 rpm JRE java 1 5 0 ibm devel 1 5 0 11 1 1jpp 3 el4 1 x86_64 rpm JDK WARNING Both the 32 bit xSeries Intel compatible and 64 bit AMD Opteron EM64T versions of the IBM J2SE JRE 5 0 RPM packages available through t...

Страница 8: ...strictions Errata RHSA 2010 0130 2 Bug 533125 CVE 2009 3555 TLS MITM attacks via session renegotiation Table 2 CVEs Fixed in JRE JDK Errata Updates 3 3 1 2 Installing the Required JRE and JDK on Red Hat Enterprise Linux 4 1 Download the java 1 5 0 ibm 1 5 0 11 1 1jpp 3 el4 and java 1 5 0 ibm devel 1 5 0 11 1 1jpp 3 el4 packages from the latest errata update Errata RHSA 2010 0130 3 2 Install the pa...

Страница 9: ...at Advance notification of Security Updates for Java SE 4 page from Sun Microsystems Bug Description Errata RHSA 2007 0963 5 Bug 321951 CVE 2007 5232 Security Vulnerability in Java Runtime Environment With Applet Caching Bug 321961 CVE 2007 5238 Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache Bug 321981 CVE 2007 5239 Untrusted Application or Applet May...

Страница 10: ...empts to access some protected resource server initiated renegotiation asks client to authenticate with a certificate However the TLS SSL protocols did not use any mechanism to verify that session peers do not change during the session renegotiation Therefore a man in the middle attacker could use this flaw to open TLS SSL connections to the server send attacker chosen request to the server trigge...

Страница 11: ...t for information on what needs to be done for those clients It is unclear on when browser clients will have updates available and applied to use the new session renegotiation protocol If these clients aren t updated but the server is then the connections to the subsystem server may fail NOTE These changes are not required if all clients accessing Certificate Systems are upgraded to support RFC 57...

Страница 12: ...e in the uri line with the URL to the agent port The original line is uri profileSubmitSSLClient The updated line will look like the following uri https server example com 9444 ca ee ca profileSubmitSSLClient 7 Create a new end entities web services directory to contain the files for the new URL referenced in the ProfileSelect template file mkdir p var lib instance_name webapps ca ee ca cp var lib...

Страница 13: ...nt 100 scheme https secure true clientAuth true sslProtocol SSL 5 Restart the subsystem For example etc init d rhpki kra restart Procedure 3 For the OCSP and TKS 1 Update the NSS packages by installing the system nss packages up2date nss 2 Open the server xml file vim var lib instance_name conf server xml 3 Change the clientAuth directive in the agent connector to true For example Connector name A...

Страница 14: ...For example etc init d rhpki tps restart Procedure 5 For the RA 1 Update the NSS packages by installing the system nss packages and install the new RA packages up2date nss pki ra 2 On Linux systems only For an existing subsystem edit the init script to preload the system NSS library rather than dirsec nss vim etc init d instance_name 3 Remove the line LD_PRELOAD usr lib64 dirsec libssl3 so LD_PREL...

Страница 15: ... certificate to be renewed the first time they are asked to authenticate This is awkward To avoid this provide a second port to handle only end entity operations 1 Open the configuration directory cd var lib rhpki ra conf 2 Edit the nss conf file a At the top add another Listen line with a different port For example Listen 0 0 0 0 12889 b Search for an existing VirtualHost VirtualHost container co...

Страница 16: ...ure the logs manually so tha they can be viewed in the diagnostics window or with a text editor On Mac 1 Go to Applications ESC app Contents MacOS 2 Create an esc sh file as follows bin sh NSPR_LOG_FILE Library Application Support ESC Profiles esc log NSPR_LOG_MODULES tray 2 coolKeyLib 2 coolKey 2 coolKeyNSS 2 coolKeySmart 2 coolKeyHandler 2 BASE_DIR dirname 0 BASE_DIR xulrunner 3 Go to Applicatio...

Страница 17: ...ing the AEP proxy on Windows child domains where the local administrator does not have permission to modify the cn configuration tree in Active Directory The simplest workaround is to use the Run as option to authenticate as the primary domain controller administrator and to then try to modify the cn configuration This relates to the Populate AD option in AEP 234884 The Phone Home UI pops up for b...

Страница 18: ...sage similar to the following 1706 http 9080 Processor24 20 Apr 2007 05 47 23 PDT 20 3 CEP Enrollment Enrollment failed user used duplicate transaction ID To avoid this situation ensure that the Cisco router generates fresh sets of keys for SCEP enrollments 237353 If the user clicks a link in the agent interface too fast and too many times the server may return Broken pipe core_output_filter writi...

Страница 19: ...d as part of the operating system with its corresponding license located in usr share doc httpd version LICENSE the latest version of this server is available at the following URL http httpd apache org Red Hat Certificate System CA DRM OCSP and TKS subsystems use a locally installed Tomcat 5 5 web server Although an appropriate server is installed when any of these subsystems are installed the lat...

Страница 20: ...hino JavaScript for Java If any problems are found in this specific distribution the source code and build instructions for the latest version and potentially a binary image are available at the following URL http www mozilla org rhino index html 16 Red Hat Red Hat Certificate System requires a complete Red Hat Directory Server 7 1 binary and the open source portion of Certificate System is availa...

Страница 21: ...opyright 2002 by Olaf Kirch See license terms below for rights on both parts Some header files are from the pcsclite distribution Copyright 1999 David Corcoran MUSCLE smart card middleware and applets Copyright 1999 2002 David Corcoran Copyright 2002 Schlumberger Network Solution All rights reserved The following license terms govern the identified modules and libraries e gate Smart Card Drivers f...

Страница 22: ...r for Mac OS X Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclai...

Страница 23: ...OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 7 Document History Revision 7 3 4 April 10 2010 Ella Deon Lackey dlackey redhat com Revising JRE JDK section ...

Страница 24: ...24 ...

Отзывы:

Нет отзывов

Похожие инструкции для CERTIFICATE 7.3 RELEASE NOTES

Xerox C8 - DocuPrint Color Inkjet Printer User Manual preview
C8 - DocuPrint Color Inkjet Printer
Бренд: Xerox Страницы: 458
Xerox FreeFlow Important Installation Information preview
FreeFlow
Бренд: Xerox Страницы: 2
Xerox C8 - DocuPrint Color Inkjet Printer Manual preview
C8 - DocuPrint Color Inkjet Printer
Бренд: Xerox Страницы: 51
Novell IFOLDER 3 - ADMINISTRATION Manual preview
IFOLDER 3 - ADMINISTRATION
Бренд: Novell Страницы: 148
FARONICS DEEP FREEZER PROFESSIONAL Manual preview
DEEP FREEZER PROFESSIONAL
Бренд: FARONICS Страницы: 31
Novell EVOLUTION 2.6 Manual preview
EVOLUTION 2.6
Бренд: Novell Страницы: 126
Altigen AltiContact Manager Version 5.0 Administration Manual preview
AltiContact Manager Version 5.0
Бренд: Altigen Страницы: 542
Arturia Minimoog V Quick Start Manual preview
Minimoog V
Бренд: Arturia Страницы: 10
Nokia PC Suite 6.7 User Manual preview
PC Suite 6.7
Бренд: Nokia Страницы: 29
Nokia NetMonitor Manual preview
NetMonitor
Бренд: Nokia Страницы: 29
Nokia N71 Service Manual preview
N71
Бренд: Nokia Страницы: 35
Nokia NPS6113000 - Secure Access System Getting Started Manual preview
NPS6113000 - Secure Access System
Бренд: Nokia Страницы: 48
Nokia N73 - Smartphone 42 MB Service Manual & Parts Manual preview
N73 - Smartphone 42 MB
Бренд: Nokia Страницы: 354
Nokia N73 - Smartphone 42 MB User Manual preview
N73 - Smartphone 42 MB
Бренд: Nokia Страницы: 265
Nokia Network Voyager Reference Manual preview
Network Voyager
Бренд: Nokia Страницы: 700
Cabletron Systems 802.1Q VLAN User Manual preview
802.1Q VLAN
Бренд: Cabletron Systems Страницы: 92
FarmerGPS FarmerGPS User Manual preview
FarmerGPS
Бренд: FarmerGPS Страницы: 60
VBrick Systems VB Directory System User Manual preview
VB Directory System
Бренд: VBrick Systems Страницы: 21

Бренды по названию

Популярные бренды

Загрузить еще бренды