Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Linux Patch Notes for CTE v7.8.0

Linux Patch Notes for CTE v7.8.0.101

search

Please Note:

Linux Patch Notes for CTE v7.8.0.101

Patch Information
Release v7.8.0.101
Date 2025-08-12
Document version 1

New Features and Enhancements

New Platform Supported

Resolved Issues

  • AGT-65138: LDT versioned key files get corrupted after a key rotation after restoring from backup

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88

    After restoring a file from a backup, into a directory that contained an LDT Exclusion key rule with clear_key, the files in the directory were corrupted after a key rotation. The solution was to rekey the encrypted files with clear_key.

  • AGT-66297: No error message reported when accessing automount GuardPoint that is in "need LDT recovery" state

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88

    After system crashed while an LDT protected GuardPoint was automounted and undergoing rekey, accessing the GuardPoint to trigger automount failed without providing any reason for the failed mount/guard operation. The solution was to print an error message when accessing the failed GuardPoint. In such case, the GuardPoint requires LDT recovery before it can be guarded. Run the command, voradmin ldt recover to check and perform LDT recovery.

  • AGT-66365: Files marked with lazy_rekey from renaming, during initial rekey, go into rekey_error upon next key rotation

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88

    Unencrypted files with lazy rekey status, resulting from renaming a directory, fail to be rekeyed and flagged as in error during the next subsequent rekey at the GuardPoint level. This issue has been fixed.

  • AGT-66367: Secondary host does not trigger a single file rekey when accessing clear_key files marked with lazy_rekey

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.88

    Accessing files that are in lazy rekey status, on a secondary client, does not trigger a lazy rekey. The issue has been fixed to trigger the client accessing the file to initiate a lazy rekey on the primary client.

  • AGT-66384: RH9 system crashed randomly

    AFFECTED VERSIONS: 7.6.0.xx — 7.8.0.88

    A system crash occurred when passing an incorrect alignment parameter. The solution was to pass the correct alignment parameter value, 0, during the creation of the secfs_process_info cache.

  • AGT-66442: Unguarded subdirectory logs from the getfacl -R command are not logged in FAM logs

    AFFECTED VERSIONS: 7.8.0.88

    New kernels for RHEL 9, Ubuntu 22, and Ubuntu 24, use a different system call than previous versions. The solution was to add the new system call interception to CTE. After this change, the logs record the appropriate information.

  • AGT-66462: Ransomware attacks not blocked if agent loses connection with CipherTrust Manager and subsequently the system is rebooted

    AFFECTED VERSIONS: 7.7.0.xx — 7.8.0.88

    Previously, CipherTrust Transparent Encryption relied on CipherTrust Manager to inform it if Ransomware Protection was enabled each time it rebooted. Now, CTE agent stores this information upon receipt, and restores it automatically after restarting, eliminating the need to wait for CipherTrust Manager.

  • AGT-66816: In LDT, secfsd is crashing when multiple secondary nodes are reading all of the files inside a GuardPoint during initial rekey

    AFFECTED VERSIONS: 7.8.0.88

    The issue occurred because secfsd was restarting during the initial rekey. This has been fixed.

  • AGT-66823: Residue node information is still present in sentinel for the LDT Communication Group nodes after removal from the LDT Communication Group

    AFFECTED VERSIONS: 7.8.0.88

    Removal of a failed client, that is a triad member of an LDT Communication Group failed to add the next client from the LDT Communication Group as a triad node. This issue has been fixed.

  • AGT-66860: Set permission mode of vorm-prs file to 0664

    AFFECTED VERSIONS: 7.8.0.88

    The permissions for this file were wide open. It's now been changed to 0664, which grants read and write access to the file owner and group, and read-only access to others.

  • AGT-66978: Files show corruption on secondary host during rekeying/relaunch state on primary host

    AFFECTED VERSIONS: 7.8.0.88

    Rotating an LDT key, while rekey is in-progress, may result in some read operations on LDT secondary nodes applying the wrong key for decrypting data. This issue has been fixed.

Known Issues

  • AGT-28604: Linux GlusterFS Trash Translate does not work if .trashcan directory is outside of GuardPoint

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106

    CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.

    Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.

  • AGT-62836: The command to get the vm process logs dumped the logs into vorvmd during the first association of a FAM policy with CTE

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106

    These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.

  • AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106

    Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.

  • AGT-65631: COS | Internal server error observed if awscli is higher 2.23.0

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106

    Starting with AWS CLI v2.23.0 and continuing with subsequent versions, AWS implemented enhanced and more efficient checksum algorithms. Therefore, customers needs to utilize an earlier version of the AWS CLI to accommodate this change. Use a version of awscli that is a previous version to v2.23.0.

  • AGT-66914 | 67160 : Warning trace while loading seccrypto module in RHEL10

    AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106

    The warning message Unpatched return thunk in use displayed in the system log during system boot. It is harmless and can be ignored. The message type will be changed to: information.

  • AGT-68212: Unable to guard the raw device in RHEL 10 after restarting SecFS

    AFFECTED VERSIONS: 7.8.0.106

    Workaround

    • When creating a GuardPoint on a raw/block device, ensure that the policy contains a signature set for the following system processes that require access to the guarded devices:
      /usr/bin/udevadm
/usr/sbin/dmsetup

    Failure to include the above processes in the policy might cause the GuardPoint creation to fail with the error Busy, will continue to retry.

Support Advisory

End of Life Notices

Platform EOL Notes
Red Hat Enterprise Linux (RHEL) 8 post CTE v7.9.0 CTE v7.9.0 will be the final release to support RHEL 8.
SUSE Linux Enterprise Server (SLES) 12 CTE v7.9.0 The Ransomware Protection feature will no longer be supported on SLES 12.

Linux Kernels End of Life Notices

Linux Kernels Operating System Last Supported CTE Release
Ubuntu 22.04 5.15 series generic kernels released before 5.15.0-124-generic 7.8.0.xx
5.19 series generic kernels
6.2 series generic kernels
6.5 series generic kernels
6.8 series generic kernels released before 6.8.0-45-generic
Ubuntu 24.04 6.8 series generic kernels released before 6.8.0-60-generic 7.8.0.xx

On this page