Linux Patch Notes for CTE v7.8.0.106
| Patch Information | |
|---|---|
| Release | v7.8.0.106 |
| Date | 2025-09-18 |
| Document version | 1 |
Resolved Issues
-
AGT-63404: LDT-NFS: Secondary client producing error messages on the truncate call for files, restored from backup, going through single file rekey
AFFECTED VERSIONS: 7.7.0.100 — 7.8.0.101
The issue occurred because a truncate operation failed on a secondary LDT client when the target file was restored from backup. This issue has been fixed.
-
AGT-64852: LDT-NFS: dt-based memory mapping failing on LDT GuardPoint policy with a ResourceSet
AFFECTED VERSIONS: 7.7.0.121 — 7.8.0.101
Issue occurred because of an incorrect file size setting, in a truncate operation, on a file associated with a clear-key rule. This has been fixed.
-
AGT-66782: Ransomware Protection operation mode changes to block if agent loses connection with CipherTrust Manager and system is rebooted
AFFECTED VERSIONS: 7.7.0.134 — 7.8.0.101
The issue occurred because the RWP operation mode did not persist across reboot, so the system defaulted back to Block. Now, RWP operation mode is stored to a file and recovered from the file after reboot.
-
AGT-66984 [CS2183867]: Need dump analysis for system crashing upon restart of CTE agent
AFFECTED VERSIONS: 7.8.0.88 — 7.8.0.101
Added fix that prevents the system from crashing when CTE stops.
-
AGT-67160: Fix Warning trace while loading
seccryptomodule in RHEL10AFFECTED VERSIONS: 7.8.0.101
The warning message
Unpatched return thunk in usedisplayed in the system log during system boot when the CTE module loaded. The cause of the warning message has been fixed. -
AGT-67220: Standard Policy: NFS Builds: Build failure due to corrupted config files under NFS-mounted directory
AFFECTED VERSIONS: 7.8.0.101
Write operations on files opened in Append mode on Ubuntu 24 (6.11 kernels) resulted in file corruption. This has been fixed.
-
AGT-67969: Unexpected
voradmin group repairbehavior on LDT-NFS automount GuardPoint after primary client crashesAFFECTED VERSIONS: 7.8.0.101
This issue occurred when a function intermittently produced failures when accessing an AutoMount GuardPoint on a NAS share under LDT protection. This has been fixed.
-
AGT-67994: LDT-NFS: Primary client crashing when Secondary client renames all of the files in parallel twice
AFFECTED VERSIONS: 7.8.0.101
A few issues with directory rename operations, during active rekey periods, were resolved and improved. The improvements are included in this patch release.
Known Issues
-
AGT-28604: Linux GlusterFS Trash Translate does not work if
.trashcandirectory is outside of GuardPointAFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.
Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.
-
AGT-62836: The command to get the vm process logs dumped the logs into
vorvmdduring the first association of a FAM policy with CTEAFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.
-
AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point
AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.
-
AGT-65631: COS | Internal server error observed if
awscliis higher 2.23.0AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
Starting with AWS CLI v2.23.0 and continuing with subsequent versions, AWS implemented enhanced and more efficient checksum algorithms. Therefore, customers needs to utilize an earlier version of the AWS CLI to accommodate this change. Use a version of
awsclithat is a previous version to v2.23.0. -
AGT-66914 | 67160 : Warning trace while loading
seccryptomodule in RHEL10AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
The warning message
Unpatched return thunk in usedisplayed in the system log during system boot. It is harmless and can be ignored. The message type will be changed to: information. -
AGT-68212: Unable to guard the raw device in RHEL 10 after restarting SecFS
AFFECTED VERSIONS: 7.8.0.106
Workaround
- When creating a GuardPoint on a raw/block device, ensure that the policy contains a signature set for the following system processes that require access to the guarded devices:
/usr/bin/udevadm /usr/sbin/dmsetup
Failure to include the above processes in the policy might cause the GuardPoint creation to fail with the error
Busy, will continue to retry. - When creating a GuardPoint on a raw/block device, ensure that the policy contains a signature set for the following system processes that require access to the guarded devices:
Support Advisory
End of Life Notices
| Platform | EOL | Notes |
|---|---|---|
| Red Hat Enterprise Linux (RHEL) 8 | post CTE v7.9.0 | CTE v7.9.0 will be the final release to support RHEL 8. |
| SUSE Linux Enterprise Server (SLES) 12 | CTE v7.9.0 | The Ransomware Protection feature will no longer be supported on SLES 12. |
Linux Kernels End of Life Notices
| Linux Kernels | Operating System | Last Supported CTE Release |
|---|---|---|
| Ubuntu 22.04 | 5.15 series generic kernels released before 5.15.0-124-generic | 7.8.0.xx |
| 5.19 series generic kernels | ||
| 6.2 series generic kernels | ||
| 6.5 series generic kernels | ||
| 6.8 series generic kernels released before 6.8.0-45-generic | ||
| Ubuntu 24.04 | 6.8 series generic kernels released before 6.8.0-60-generic | 7.8.0.xx |
