Linux Patch Notes for CTE v7.8.0.106
| Patch Information | |
|---|---|
| Release | v7.8.0.106 |
| Date | 2025-10-22 |
| Document version | 2 |
Resolved Issues
-
AGT-63404: LDT-NFS: Secondary client producing error messages on the truncate call for files, restored from backup, going through single file rekey
AFFECTED VERSIONS: 7.7.0.100 — 7.8.0.101
The issue occurred because a truncate operation failed on a secondary LDT client when the target file was restored from backup. This issue has been fixed.
-
AGT-64852: LDT-NFS: dt-based memory mapping failing on LDT GuardPoint policy with a ResourceSet
AFFECTED VERSIONS: 7.7.0.121 — 7.8.0.101
Issue occurred because of an incorrect file size setting, in a truncate operation, on a file associated with a clear-key rule. This has been fixed.
-
AGT-66782: Ransomware Protection operation mode changes to block if agent loses connection with CipherTrust Manager and system is rebooted
AFFECTED VERSIONS: 7.7.0.134 — 7.8.0.101
The issue occurred because the RWP operation mode did not persist across reboot, so the system defaulted back to Block. Now, RWP operation mode is stored to a file and recovered from the file after reboot.
-
AGT-66984 [CS2183867]: Need dump analysis for system crashing upon restart of CTE agent
AFFECTED VERSIONS: 7.8.0.88 — 7.8.0.101
Added fix that prevents the system from crashing when CTE stops.
-
AGT-67160: Fix Warning trace while loading
seccryptomodule in RHEL10AFFECTED VERSIONS: 7.8.0.101
The warning message
Unpatched return thunk in usedisplayed in the system log during system boot when the CTE module loaded. The cause of the warning message has been fixed. -
AGT-67220: Standard Policy: NFS Builds: Build failure due to corrupted config files under NFS-mounted directory
AFFECTED VERSIONS: 7.8.0.101
Write operations on files opened in Append mode on Ubuntu 24 (6.11 kernels) resulted in file corruption. This has been fixed.
-
AGT-67969: Unexpected
voradmin group repairbehavior on LDT-NFS automount GuardPoint after primary client crashesAFFECTED VERSIONS: 7.8.0.101
This issue occurred when a function intermittently produced failures when accessing an AutoMount GuardPoint on a NAS share under LDT protection. This has been fixed.
-
AGT-67994: LDT-NFS: Primary client crashing when Secondary client renames all of the files in parallel twice
AFFECTED VERSIONS: 7.8.0.101
A few issues with directory rename operations, during active rekey periods, were resolved and improved. The improvements are included in this patch release.
Known Issues
-
AGT-28604: Linux GlusterFS Trash Translate does not work if
.trashcandirectory is outside of GuardPointAFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.
Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.
-
AGT-62836: The command to get the vm process logs dumped the logs into
vorvmdduring the first association of a FAM policy with CTEAFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.
-
AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point
AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.
-
AGT-65631: COS | File upload/download fails with "Internal server error" when using awscli version 2.23.0 or subsequent versions
AFFECTED VERSIONS: 10.5.0.49
Beginning with AWS CLI version 2.23.0 and subsequent versions, AWS implemented enhanced and more efficient checksum algorithms, including CRC-64/NVME, CRC32, CRC32C, SHA1, and SHA256, with CRC64-NVME set as the new default for the CLI. This results in file upload/download failing.
There are two work-arounds for this issue. Choose one:
-
Use an older version of AWS CLI.
-
Add the following lines to the
~/aws/configfile:response_checksum_validation = when_required request_checksum_calculation = when_required
-
-
AGT-66914 | 67160 : Warning trace while loading
seccryptomodule in RHEL10AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.106
The warning message
Unpatched return thunk in usedisplayed in the system log during system boot. It is harmless and can be ignored. The message type will be changed to: information. -
AGT-68212: Unable to guard the raw device in RHEL 10 after restarting SecFS
AFFECTED VERSIONS: 7.8.0.106
Workaround
- When creating a GuardPoint on a raw/block device, ensure that the policy contains a signature set for the following system processes that require access to the guarded devices:
/usr/bin/udevadm /usr/sbin/dmsetup
Failure to include the above processes in the policy might cause the GuardPoint creation to fail with the error
Busy, will continue to retry. - When creating a GuardPoint on a raw/block device, ensure that the policy contains a signature set for the following system processes that require access to the guarded devices:
Support Advisory
End of Life Notices
| Platform | EOL | Notes |
|---|---|---|
| Red Hat Enterprise Linux (RHEL) 8 | post CTE v7.9.0 | CTE v7.9.0 will be the final release to support RHEL 8. |
| SUSE Linux Enterprise Server (SLES) 12 | CTE v7.9.0 | The Ransomware Protection feature will no longer be supported on SLES 12. |
Linux Kernels End of Life Notices
| Linux Kernels | Operating System | Last Supported CTE Release |
|---|---|---|
| Ubuntu 22.04 | 5.15 series generic kernels released before 5.15.0-124-generic | 7.8.0.xx |
| 5.19 series generic kernels | ||
| 6.2 series generic kernels | ||
| 6.5 series generic kernels | ||
| 6.8 series generic kernels released before 6.8.0-45-generic | ||
| Ubuntu 24.04 | 6.8 series generic kernels released before 6.8.0-60-generic | 7.8.0.xx |
