- Issued:
- 2011-12-06
- Updated:
- 2011-12-06
RHBA-2011:1656 - Bug Fix Advisory
Synopsis
mod_nss bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated mod_nss package that fixes several bugs is now available for Red Hat
Enterprise Linux 6.
Description
The mod_nss module provides strong cryptography for the Apache HTTP Server via
the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,
using the Network Security Services (NSS) security library.
This update fixes the following bugs:
- When the NSS library was not initialized and mod_nss tried to clear its SSL
cache on start-up, mod_nss terminated unexpectedly when the NSS library was
built with debugging enabled. With this update, mod_nss does not try to clear
the SSL cache in the described scenario, thus preventing this bug. (BZ#691502) - Previously, a static array containing the arguments for launching the
nss_pcache command was overflowing the size by one. This could lead to a variety
of issues including unexpected termination. This bug has been fixed, and mod_nss
now uses properly sized static array when launching nss_pcache. (BZ#714154) - Prior to this update, client certificates were only retrieved during the
initial SSL handshake if the NSSVerifyClient option was set to "require" or
"optional". Also, the FakeBasicAuth option only retrieved Common Name rather
than the entire certificate subject. Consequently, it was possible to spoof an
identity using that option. This bug has been fixed, the FakeBasicAuth option is
now prefixed with "/" and is thus compatible with OpenSSL, and certificates are
now retrieved on all subsequent requests beyond the first one. (BZ#702437)
Users of mod_nss are advised to upgrade to this updated package, which fixes
these bugs.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
Fixes
- BZ - 702437 - may be possible to spoof mod_nss FakeBasicAuth
- BZ - 714154 - overrunning array when executing nss_pcache
CVEs
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| mod_nss-1.0.8-13.el6.src.rpm | SHA-256: dc3658f6ea40a6cd109f82d97fa5a6a5db80eaf017e145bc1b117f7d0407b1ae |
| x86_64 | |
| mod_nss-1.0.8-13.el6.x86_64.rpm | SHA-256: 01c0947adbdb85818956f66cc1d7f132a5b6adcfdfc7f7dada46263be1c97ed3 |
| mod_nss-debuginfo-1.0.8-13.el6.x86_64.rpm | SHA-256: 19d020e82af0f803a56d3939e586c53351adf8cfe2bd5783ee5aedfde9719cf1 |
| i386 | |
| mod_nss-1.0.8-13.el6.i686.rpm | SHA-256: bf03c6b40feffcc178256d1bf976595763c29f0dc9f657440789f53e1f25e15a |
| mod_nss-debuginfo-1.0.8-13.el6.i686.rpm | SHA-256: 0899ed0624da5b1a52cff5cce76c7a07b62a3dd20d8ae7cb5b90cdffa70858dc |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| mod_nss-1.0.8-13.el6.src.rpm | SHA-256: dc3658f6ea40a6cd109f82d97fa5a6a5db80eaf017e145bc1b117f7d0407b1ae |
| x86_64 | |
| mod_nss-1.0.8-13.el6.x86_64.rpm | SHA-256: 01c0947adbdb85818956f66cc1d7f132a5b6adcfdfc7f7dada46263be1c97ed3 |
| mod_nss-debuginfo-1.0.8-13.el6.x86_64.rpm | SHA-256: 19d020e82af0f803a56d3939e586c53351adf8cfe2bd5783ee5aedfde9719cf1 |
| i386 | |
| mod_nss-1.0.8-13.el6.i686.rpm | SHA-256: bf03c6b40feffcc178256d1bf976595763c29f0dc9f657440789f53e1f25e15a |
| mod_nss-debuginfo-1.0.8-13.el6.i686.rpm | SHA-256: 0899ed0624da5b1a52cff5cce76c7a07b62a3dd20d8ae7cb5b90cdffa70858dc |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| mod_nss-1.0.8-13.el6.src.rpm | SHA-256: dc3658f6ea40a6cd109f82d97fa5a6a5db80eaf017e145bc1b117f7d0407b1ae |
| x86_64 | |
| mod_nss-1.0.8-13.el6.x86_64.rpm | SHA-256: 01c0947adbdb85818956f66cc1d7f132a5b6adcfdfc7f7dada46263be1c97ed3 |
| mod_nss-debuginfo-1.0.8-13.el6.x86_64.rpm | SHA-256: 19d020e82af0f803a56d3939e586c53351adf8cfe2bd5783ee5aedfde9719cf1 |
| i386 | |
| mod_nss-1.0.8-13.el6.i686.rpm | SHA-256: bf03c6b40feffcc178256d1bf976595763c29f0dc9f657440789f53e1f25e15a |
| mod_nss-debuginfo-1.0.8-13.el6.i686.rpm | SHA-256: 0899ed0624da5b1a52cff5cce76c7a07b62a3dd20d8ae7cb5b90cdffa70858dc |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| mod_nss-1.0.8-13.el6.src.rpm | SHA-256: dc3658f6ea40a6cd109f82d97fa5a6a5db80eaf017e145bc1b117f7d0407b1ae |
| s390x | |
| mod_nss-1.0.8-13.el6.s390x.rpm | SHA-256: 588a1404e9050c63af5fda060c2767ff0a77f26ddb5022ffab4dbc2d1cc61c79 |
| mod_nss-debuginfo-1.0.8-13.el6.s390x.rpm | SHA-256: 6014f949f2bae00b4977b26178be8ce9ea5939bdfa2627f4679ce6d7fbbc5ede |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| mod_nss-1.0.8-13.el6.src.rpm | SHA-256: dc3658f6ea40a6cd109f82d97fa5a6a5db80eaf017e145bc1b117f7d0407b1ae |
| ppc64 | |
| mod_nss-1.0.8-13.el6.ppc64.rpm | SHA-256: beaacac86f2f21b345759e634fb881402fc03f563708ea3edc7cc90b01bc13f7 |
| mod_nss-debuginfo-1.0.8-13.el6.ppc64.rpm | SHA-256: 79fbec105a654b65bab0503aaa4052626907504a28c732425b3365b21f602299 |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| mod_nss-1.0.8-13.el6.src.rpm | SHA-256: dc3658f6ea40a6cd109f82d97fa5a6a5db80eaf017e145bc1b117f7d0407b1ae |
| x86_64 | |
| mod_nss-1.0.8-13.el6.x86_64.rpm | SHA-256: 01c0947adbdb85818956f66cc1d7f132a5b6adcfdfc7f7dada46263be1c97ed3 |
| mod_nss-debuginfo-1.0.8-13.el6.x86_64.rpm | SHA-256: 19d020e82af0f803a56d3939e586c53351adf8cfe2bd5783ee5aedfde9719cf1 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| mod_nss-1.0.8-13.el6.src.rpm | SHA-256: dc3658f6ea40a6cd109f82d97fa5a6a5db80eaf017e145bc1b117f7d0407b1ae |
| x86_64 | |
| mod_nss-1.0.8-13.el6.x86_64.rpm | SHA-256: 01c0947adbdb85818956f66cc1d7f132a5b6adcfdfc7f7dada46263be1c97ed3 |
| mod_nss-debuginfo-1.0.8-13.el6.x86_64.rpm | SHA-256: 19d020e82af0f803a56d3939e586c53351adf8cfe2bd5783ee5aedfde9719cf1 |
| i386 | |
| mod_nss-1.0.8-13.el6.i686.rpm | SHA-256: bf03c6b40feffcc178256d1bf976595763c29f0dc9f657440789f53e1f25e15a |
| mod_nss-debuginfo-1.0.8-13.el6.i686.rpm | SHA-256: 0899ed0624da5b1a52cff5cce76c7a07b62a3dd20d8ae7cb5b90cdffa70858dc |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.