- Issued:
- 2011-01-13
- Updated:
- 2011-01-13
RHBA-2011:0049 - Bug Fix Advisory
Synopsis
mod_nss bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated mod_nss package that fixes various bugs is now available.
Description
This updated mod_nss package includes fixes for the following bugs:
- Some hardware readers did not work because mod_nss initialized NSS and only
then forked its child listeners. This process was not compliant with the PKCS#11
specification of public-key cryptography standards (PKCS). With this update,
mod_nss initializes NSS after Apache HTTP Server forks as it is defined in the
PKCS specification. (BZ#498542)
- The httpd daemon failed to start if Apache HTTP Server loaded the mod_nss
module without the mod_nss configuration. With this update, the httpd daemon
starts as expected. (BZ#513367)
- During mod_nss installation the following message appeared:
mod_nss certificate database generated.
With this update, the message no longer appears. (BZ#529164)
- The httpd daemon terminated unexpectedly if the stored token password did not
match the database password. With this update, the problem no longer occurs.
(BZ#588858)
- Large POST request caused the mod_nss module to get into an infinite loop.
This update fixes the problem and the loop no longer occurs. (BZ#634685)
- Server experienced performance issues when starting up. The server searched
for the certificates for every configured virtual server. With this update, a
server pulls the list of certificates and caches the list. (BZ#635324)
All users of mod_nss are advised to upgrade to this updated package, which
resolves these issues.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 498542 - need mod_nss "forking model" code in the RHEL version
- BZ - 529164 - mod_nss certificate database generated.
- BZ - 634685 - Large POST may cause loop in mod_nss
- BZ - 635324 - PK11_ListCerts called to retrieve all user certificates for every server
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| mod_nss-1.0.8-3.el5.src.rpm | SHA-256: 19a2b94c1dab5b6d05d130f33963ac39faab6ad929c4f9846fefe9bb0678da9d |
| x86_64 | |
| mod_nss-1.0.8-3.el5.x86_64.rpm | SHA-256: fa97529ccbd94b3ce111de58d2d6783c4d768f08739252abda80921a9ccf588e |
| ia64 | |
| mod_nss-1.0.8-3.el5.ia64.rpm | SHA-256: 21c8819bbba235362136df2b66c31004b30ac183f7110eed6613a9c53fb509bb |
| i386 | |
| mod_nss-1.0.8-3.el5.i386.rpm | SHA-256: 35ac28b515978ab24be217511272cbecdfe080613724b354ce42da7abab0f850 |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| mod_nss-1.0.8-3.el5.src.rpm | SHA-256: 19a2b94c1dab5b6d05d130f33963ac39faab6ad929c4f9846fefe9bb0678da9d |
| x86_64 | |
| mod_nss-1.0.8-3.el5.x86_64.rpm | SHA-256: fa97529ccbd94b3ce111de58d2d6783c4d768f08739252abda80921a9ccf588e |
| i386 | |
| mod_nss-1.0.8-3.el5.i386.rpm | SHA-256: 35ac28b515978ab24be217511272cbecdfe080613724b354ce42da7abab0f850 |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| mod_nss-1.0.8-3.el5.src.rpm | SHA-256: 19a2b94c1dab5b6d05d130f33963ac39faab6ad929c4f9846fefe9bb0678da9d |
| x86_64 | |
| mod_nss-1.0.8-3.el5.x86_64.rpm | SHA-256: fa97529ccbd94b3ce111de58d2d6783c4d768f08739252abda80921a9ccf588e |
| i386 | |
| mod_nss-1.0.8-3.el5.i386.rpm | SHA-256: 35ac28b515978ab24be217511272cbecdfe080613724b354ce42da7abab0f850 |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| mod_nss-1.0.8-3.el5.src.rpm | SHA-256: 19a2b94c1dab5b6d05d130f33963ac39faab6ad929c4f9846fefe9bb0678da9d |
| s390x | |
| mod_nss-1.0.8-3.el5.s390x.rpm | SHA-256: 887a0ccaebfb0cc2c0c7f4a2b65ea8595ede478e29182f5b992799831783cb89 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| mod_nss-1.0.8-3.el5.src.rpm | SHA-256: 19a2b94c1dab5b6d05d130f33963ac39faab6ad929c4f9846fefe9bb0678da9d |
| ppc | |
| mod_nss-1.0.8-3.el5.ppc.rpm | SHA-256: edfcc69366383fc7e1f7ef842a14a69636436867ece96cb1f1fc202c96bad4a5 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| mod_nss-1.0.8-3.el5.src.rpm | SHA-256: 19a2b94c1dab5b6d05d130f33963ac39faab6ad929c4f9846fefe9bb0678da9d |
| x86_64 | |
| mod_nss-1.0.8-3.el5.x86_64.rpm | SHA-256: fa97529ccbd94b3ce111de58d2d6783c4d768f08739252abda80921a9ccf588e |
| i386 | |
| mod_nss-1.0.8-3.el5.i386.rpm | SHA-256: 35ac28b515978ab24be217511272cbecdfe080613724b354ce42da7abab0f850 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.