|Summary:||[FIPS140][RHEL6] kernel module should failed to load if DSA signature check fails when FIPS mode is on [rhel-6.0.z]|
|Product:||Red Hat Enterprise Linux 6||Reporter:||RHEL Program Management <pm-rhel>|
|Component:||kernel||Assignee:||Frantisek Hrbata <fhrbata>|
|Status:||CLOSED ERRATA||QA Contact:||yanfu,wang <yanwang>|
|Version:||6.1||CC:||dhoward, dhowells, dzickus, emcnabb, jcm, jpirko, jrieden, jwest, lwang, plyons, pm-eus, qcai, sgrubb, smueller, syeghiay, yanwang|
|Fixed In Version:||kernel-2.6.32-71.1.1.el6||Doc Type:||Bug Fix|
Previously, a kernel module not shipped by Red Hat was successfully loaded when the FIPS boot option was enabled. With this update, kernel self-integrity is improved by rejecting to load kernel modules which are not shipped by Red Hat when the FIPS boot option is enabled.
|Last Closed:||2010-11-10 19:09:59 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||625914|
Description RHEL Program Management 2010-09-14 14:49:44 UTC
This bug has been copied from bug #625914 and has been proposed to be backported to 6.0 z-stream (EUS).
Comment 3 Frantisek Hrbata 2010-09-16 10:53:17 UTC
Comment 6 errata-xmlrpc 2010-11-10 19:09:59 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2010-0842.html
Comment 7 Martin Prpič 2010-11-11 11:47:59 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Previously, a kernel module not shipped by Red Hat was successfully loaded when the FIPS boot option was enabled. With this update, kernel self-integrity is improved by rejecting to load kernel modules which are not shipped by Red Hat when the FIPS boot option is enabled.