Last Modified: May 23, 2019
See more info
Known Affected Versions:
14.1.0, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 15.0.0
Opened: Mar 28, 2018
DNSSEC keys that use an external FIPS device are not generated, and an SELinux denial is reported in /var/log/auditd/audit.log. The logged permission denial should indicate that a process running under the 'mcpd_t' SELinux context was denied the 'execmem' permission.
DNSSEC keys will not be generated when configured to use the external FIPS device.
-- A device is configured with one or more DNSSEC keys that are configured to be generated by an external FIPS device (indicated by the 'use-fips' option being set to 'external'). -- An unpatched version of the Thales client software be in use on the device.
Update the version of the Thales client software that is in use on the device.