Linux Patch Notes for CTE v7.8.0
Patch Information | |
---|---|
Release | v7.8.0.101 |
Date | 2025-08-12 |
Document version | 1 |
New Features and Enhancements
New Platform Supported
-
RHEL 10
See Upgrading CTE from RHEL 9 to RHEL 10 for more information.
Resolved Issues
-
AGT-65138: LDT versioned key files get corrupted after a key rotation after restoring from backup
AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88
After restoring a file from a backup, into a directory that contained an LDT Exclusion key rule with clear_key, the files in the directory were corrupted after a key rotation. The solution was to rekey the encrypted files with clear_key.
-
AGT-66297: No error message reported when accessing automount GuardPoint that is in "need LDT recovery" state
AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88
After system crashed while an LDT protected GuardPoint was automounted and undergoing rekey, accessing the GuardPoint to trigger automount failed without providing any reason for the failed mount/guard operation. The solution was to print an error message when accessing the failed GuardPoint. In such case, the GuardPoint requires LDT recovery before it can be guarded. Run the command,
voradmin ldt recover
to check and perform LDT recovery. -
AGT-66365: Files marked with lazy_rekey from renaming, during initial rekey, go into
rekey_error
upon next key rotationAFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88
Unencrypted files with lazy rekey status, resulting from renaming a directory, fail to be rekeyed and flagged as in error during the next subsequent rekey at the GuardPoint level. This issue has been fixed.
-
AGT-66367: Secondary host does not trigger a single file rekey when accessing clear_key files marked with lazy_rekey
AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88
Accessing files that are in lazy rekey status, on a secondary client, does not trigger a lazy rekey. The issue has been fixed to trigger the client accessing the file to initiate a lazy rekey on the primary client.
-
AGT-66384: RH9 system crashed randomly
AFFECTED VERSIONS: 7.6.0.xx — 7.8.0.88
A system crash occurred when passing an incorrect alignment parameter. The solution was to pass the correct alignment parameter value, 0, during the creation of the
secfs_process_info cache
. -
AGT-66442: Unguarded subdirectory logs from the
getfacl -R
command are not logged in FAM logsAFFECTED VERSIONS: 7.8.0.88
New kernels for RHEL 9, Ubuntu 22, and Ubuntu 24, use a different system call than previous versions. The solution was to add the new system call interception to CTE. After this change, the logs record the appropriate information.
-
AGT-66462: Ransomware attacks not blocked if agent loses connection with CipherTrust Manager and subsequently the system is rebooted
AFFECTED VERSIONS: 7.7.0.xx — 7.8.0.88
Previously, CipherTrust Transparent Encryption relied on CipherTrust Manager to inform it if Ransomware Protection was enabled each time it rebooted. Now, CTE agent stores this information upon receipt, and restores it automatically after restarting, eliminating the need to wait for CipherTrust Manager.
-
AGT-66816: In LDT,
secfsd
is crashing when multiple secondary nodes are reading all of the files inside a GuardPoint during initial rekeyAFFECTED VERSIONS: 7.8.0.88
The issue occurred because
secfsd
was restarting during the initial rekey. This has been fixed. -
AGT-66823: Residue node information is still present in sentinel for the LDT Communication Group nodes after removal from the LDT Communication Group
AFFECTED VERSIONS: 7.8.0.88
Removal of a failed client, that is a triad member of an LDT Communication Group failed to add the next client from the LDT Communication Group as a triad node. This issue has been fixed.
-
AGT-66860: Set permission mode of
vorm-prs
file to 0664AFFECTED VERSIONS: 7.8.0.88
The permissions for this file were wide open. It's now been changed to 0664, which grants read and write access to the file owner and group, and read-only access to others.
-
AGT-66978: Files show corruption on secondary host during rekeying/relaunch state on primary host
AFFECTED VERSIONS: 7.8.0.88
Rotating an LDT key, while rekey is in-progress, may result in some read operations on LDT secondary nodes applying the wrong key for decrypting data. This issue has been fixed.
Known Issues
-
AGT-28604: Linux GlusterFS Trash Translate does not work if
.trashcan
directory is outside of GuardPointAFFECTED VERSIONS: 7.8.0.79 — 7.8.0.101
CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.
Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.
-
AGT-62836: The command to get the vm process logs dumped the logs into
vorvmd
during the first association of a FAM policy with CTEAFFECTED VERSIONS: 7.8.0.79 — 7.8.0.101
These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.
-
AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point
AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.101
Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.
-
AGT-65631: COS | Internal server error observed if
awscli
is higher 2.23.0AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.101
Starting with AWS CLI v2.23.0 and continuing with subsequent versions, AWS implemented enhanced and more efficient checksum algorithms. Therefore, customers needs to utilize an earlier version of the AWS CLI to accommodate this change. Use a version of
awscli
that is a previous version to v2.23.0. -
AGT-66914 | 67160 : Warning trace while loading
seccrypto
module in RHEL10AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.101
The warning message
Unpatched return thunk in use
displayed in the system log during system boot. It is harmless and can be ignored. The message type will be changed to: information.
Support Advisory
End of Life Notices
Platform | EOL | Notes |
---|---|---|
Red Hat Enterprise Linux (RHEL) 8 | post CTE v7.9.0 | CTE v7.9.0 will be the final release to support RHEL 8. |
SUSE Linux Enterprise Server (SLES) 12 | CTE v7.9.0 | The Ransomware Protection feature will no longer be supported on SLES 12. |
Linux Kernels End of Life Notices
Linux Kernels | Operating System | Last Supported CTE Release |
---|---|---|
Ubuntu 22.04 | 5.15 series generic kernels released before 5.15.0-124-generic | 7.8.0.xx |
5.19 series generic kernels | ||
6.2 series generic kernels | ||
6.5 series generic kernels | ||
6.8 series generic kernels released before 6.8.0-45-generic | ||
Ubuntu 24.04 | 6.8 series generic kernels released before 6.8.0-60-generic | 7.8.0.xx |