- Issued:
- 2009-09-02
- Updated:
- 2009-09-02
RHBA-2009:1365 - Bug Fix Advisory
Synopsis
mod_nss bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update mod_nss package that fixes a bug in proxy handling is now
available.
Description
mod_nss provides strong cryptography for the Apache Web server via the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,
using the Network Security Services (NSS) security library.
This update addresses a proxy handling bug in mod_nss. mod_nss was not
handling blocked reads properly. Rather than attempting the read again,
it failed with an "End of File" message. When used with mod_proxy in a
reverse proxy configuration, this would sometimes result in returning only
part of the remote content. (Bugzilla #484380)
mod_proxy has a single API for SSL handling, and mod_nss doesn't
register to handle SSL proxy requests if mod_ssl is loaded. In order for
mod_nss to work with mod_proxy, mod_ssl must be removed or disabled. It can
be disabled in one of two ways:
- By removing the mod_ssl package
- By removing or renaming /etc/httpd/conf.d/ssl.conf
Apache users requiring SSL and TLS cryptography are advised to install this
updated package.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 484380 - SSL (reverse) proxy flaky
- BZ - 489013 - mod_nss does not work with NSS 3.12 for pki-ra or pki-tps
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| mod_nss-1.0.3-8.el5.src.rpm | SHA-256: e236e7092dfb5c9b5120e33d2e316c28d4a80a58ca9d73565bfb525db5ba4f98 |
| x86_64 | |
| mod_nss-1.0.3-8.el5.x86_64.rpm | SHA-256: 414f5541f59c2ca24db8225a2f3f3174b549fada493a6d4bc5911e397c098ece |
| ia64 | |
| mod_nss-1.0.3-8.el5.ia64.rpm | SHA-256: 770be893dc2c590b796408d3bce6863b7d847e677df47892bb9dc9caddd2a0b4 |
| i386 | |
| mod_nss-1.0.3-8.el5.i386.rpm | SHA-256: cb01066689628dfa1c7d1fecb5b6f98ddb9db85e91a666004ec40c60cb09d278 |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| mod_nss-1.0.3-8.el5.src.rpm | SHA-256: e236e7092dfb5c9b5120e33d2e316c28d4a80a58ca9d73565bfb525db5ba4f98 |
| x86_64 | |
| mod_nss-1.0.3-8.el5.x86_64.rpm | SHA-256: 414f5541f59c2ca24db8225a2f3f3174b549fada493a6d4bc5911e397c098ece |
| i386 | |
| mod_nss-1.0.3-8.el5.i386.rpm | SHA-256: cb01066689628dfa1c7d1fecb5b6f98ddb9db85e91a666004ec40c60cb09d278 |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| mod_nss-1.0.3-8.el5.src.rpm | SHA-256: e236e7092dfb5c9b5120e33d2e316c28d4a80a58ca9d73565bfb525db5ba4f98 |
| x86_64 | |
| mod_nss-1.0.3-8.el5.x86_64.rpm | SHA-256: 414f5541f59c2ca24db8225a2f3f3174b549fada493a6d4bc5911e397c098ece |
| i386 | |
| mod_nss-1.0.3-8.el5.i386.rpm | SHA-256: cb01066689628dfa1c7d1fecb5b6f98ddb9db85e91a666004ec40c60cb09d278 |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| mod_nss-1.0.3-8.el5.src.rpm | SHA-256: e236e7092dfb5c9b5120e33d2e316c28d4a80a58ca9d73565bfb525db5ba4f98 |
| s390x | |
| mod_nss-1.0.3-8.el5.s390x.rpm | SHA-256: 59e6bbfc28494dfd9e2363c358e8873fcd64f077c4f56a8281dfd603975e1ad5 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| mod_nss-1.0.3-8.el5.src.rpm | SHA-256: e236e7092dfb5c9b5120e33d2e316c28d4a80a58ca9d73565bfb525db5ba4f98 |
| ppc | |
| mod_nss-1.0.3-8.el5.ppc.rpm | SHA-256: 66d5efe5757091ec57878b7185a2f9732a718a0871f4061d17c2db759e3a4b59 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| mod_nss-1.0.3-8.el5.src.rpm | SHA-256: e236e7092dfb5c9b5120e33d2e316c28d4a80a58ca9d73565bfb525db5ba4f98 |
| x86_64 | |
| mod_nss-1.0.3-8.el5.x86_64.rpm | SHA-256: 414f5541f59c2ca24db8225a2f3f3174b549fada493a6d4bc5911e397c098ece |
| i386 | |
| mod_nss-1.0.3-8.el5.i386.rpm | SHA-256: cb01066689628dfa1c7d1fecb5b6f98ddb9db85e91a666004ec40c60cb09d278 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.