Issued:
2013-12-03
Updated:
2013-12-03

RHSA-2013:1779 - Security Advisory

Synopsis

Moderate: mod_nss security update

Type/Severity

Security Advisory: Moderate

Topic

An updated mod_nss package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The mod_nss module provides strong cryptography for the Apache HTTP Server
via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols, using the Network Security Services (NSS) security library.

A flaw was found in the way mod_nss handled the NSSVerifyClient setting for
the per-directory context. When configured to not require a client
certificate for the initial connection and only require it for a specific
directory, mod_nss failed to enforce this requirement and allowed a client
to access the directory when no valid client certificate was provided.
(CVE-2013-4566)

Red Hat would like to thank Albert Smith of OUSD(AT&L) for reporting this
issue.

All mod_nss users should upgrade to this updated package, which contains a
backported patch to correct this issue. The httpd service must be restarted
for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.5 i386
  • Red Hat Enterprise Linux Server - AUS 6.5 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.5 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.5 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 6.5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.5 i386
  • Red Hat Enterprise Linux EUS Compute Node 6.5 x86_64
  • Red Hat Enterprise Linux Server - TUS 6.5 x86_64

Fixes

  • BZ - 1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context

CVEs

References

Red Hat Enterprise Linux Server 6

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c
i386
mod_nss-1.0.8-19.el6_5.i686.rpm SHA-256: a99ba153f50560eeec859cb94595e1971195b92f14c6ed3dc389eb4c56cbcaa1
mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm SHA-256: 30c2c8e5d4840383ecc6839f10c9f00f676f10b506cdb0a8d33dc89def26c568

Red Hat Enterprise Linux Server 5

SRPM
mod_nss-1.0.8-8.el5_10.src.rpm SHA-256: 1414d7b34922bd98898b3ea638af8b89de23428f60641157d5380af8ded6737a
x86_64
mod_nss-1.0.8-8.el5_10.x86_64.rpm SHA-256: 86ad836830fcf5cca4c5ad284ae645508a941dca37f2ba216f95f1958d444275
mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm SHA-256: c09fc7913a9545824c31a28c422b302419fef1d67278c0667cc13b4cb701b68c
ia64
mod_nss-1.0.8-8.el5_10.ia64.rpm SHA-256: 25aa8de233132e262cea42aac243d3cc992f3caec080dccc149a6bf666230220
mod_nss-debuginfo-1.0.8-8.el5_10.ia64.rpm SHA-256: bfeab2225af02e535b80b47aff1d1dfad101f282d4ee6d6aea40b01deb2357d4
i386
mod_nss-1.0.8-8.el5_10.i386.rpm SHA-256: 088993b95f129bf9568d84aa192583fe5bfe4a469b0a9ecceec62993ca95dc5a
mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm SHA-256: 87e526a50cd38bb3430bd37f9cabcb74202a0d9d81d3d3437d067e17e1be4d6f

Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.5

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c
i386
mod_nss-1.0.8-19.el6_5.i686.rpm SHA-256: a99ba153f50560eeec859cb94595e1971195b92f14c6ed3dc389eb4c56cbcaa1
mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm SHA-256: 30c2c8e5d4840383ecc6839f10c9f00f676f10b506cdb0a8d33dc89def26c568

Red Hat Enterprise Linux Workstation 6

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c
i386
mod_nss-1.0.8-19.el6_5.i686.rpm SHA-256: a99ba153f50560eeec859cb94595e1971195b92f14c6ed3dc389eb4c56cbcaa1
mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm SHA-256: 30c2c8e5d4840383ecc6839f10c9f00f676f10b506cdb0a8d33dc89def26c568

Red Hat Enterprise Linux Workstation 5

SRPM
mod_nss-1.0.8-8.el5_10.src.rpm SHA-256: 1414d7b34922bd98898b3ea638af8b89de23428f60641157d5380af8ded6737a
x86_64
mod_nss-1.0.8-8.el5_10.x86_64.rpm SHA-256: 86ad836830fcf5cca4c5ad284ae645508a941dca37f2ba216f95f1958d444275
mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm SHA-256: c09fc7913a9545824c31a28c422b302419fef1d67278c0667cc13b4cb701b68c
i386
mod_nss-1.0.8-8.el5_10.i386.rpm SHA-256: 088993b95f129bf9568d84aa192583fe5bfe4a469b0a9ecceec62993ca95dc5a
mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm SHA-256: 87e526a50cd38bb3430bd37f9cabcb74202a0d9d81d3d3437d067e17e1be4d6f

Red Hat Enterprise Linux Desktop 6

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c
i386
mod_nss-1.0.8-19.el6_5.i686.rpm SHA-256: a99ba153f50560eeec859cb94595e1971195b92f14c6ed3dc389eb4c56cbcaa1
mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm SHA-256: 30c2c8e5d4840383ecc6839f10c9f00f676f10b506cdb0a8d33dc89def26c568

Red Hat Enterprise Linux Desktop 5

SRPM
mod_nss-1.0.8-8.el5_10.src.rpm SHA-256: 1414d7b34922bd98898b3ea638af8b89de23428f60641157d5380af8ded6737a
x86_64
mod_nss-1.0.8-8.el5_10.x86_64.rpm SHA-256: 86ad836830fcf5cca4c5ad284ae645508a941dca37f2ba216f95f1958d444275
mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm SHA-256: c09fc7913a9545824c31a28c422b302419fef1d67278c0667cc13b4cb701b68c
i386
mod_nss-1.0.8-8.el5_10.i386.rpm SHA-256: 088993b95f129bf9568d84aa192583fe5bfe4a469b0a9ecceec62993ca95dc5a
mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm SHA-256: 87e526a50cd38bb3430bd37f9cabcb74202a0d9d81d3d3437d067e17e1be4d6f

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
s390x
mod_nss-1.0.8-19.el6_5.s390x.rpm SHA-256: f45c5bba53089358e0d6fd7ab87b60301fefecd7ac22f3524c75cedca2e436a5
mod_nss-debuginfo-1.0.8-19.el6_5.s390x.rpm SHA-256: dcbd773f40f647a397ca0626d70db7c35d0de974b9fcb86d8866efad7e7bbf30

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
mod_nss-1.0.8-8.el5_10.src.rpm SHA-256: 1414d7b34922bd98898b3ea638af8b89de23428f60641157d5380af8ded6737a
s390x
mod_nss-1.0.8-8.el5_10.s390x.rpm SHA-256: f4b686db386a1fd73cdd802ec8cb4f34fcd653b03c7a074b721b67db513ec519
mod_nss-debuginfo-1.0.8-8.el5_10.s390x.rpm SHA-256: f0de64047fb8a805194f1e35643e10688c34e1bab5418f70d1f90d519219df6d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.5

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
s390x
mod_nss-1.0.8-19.el6_5.s390x.rpm SHA-256: f45c5bba53089358e0d6fd7ab87b60301fefecd7ac22f3524c75cedca2e436a5
mod_nss-debuginfo-1.0.8-19.el6_5.s390x.rpm SHA-256: dcbd773f40f647a397ca0626d70db7c35d0de974b9fcb86d8866efad7e7bbf30

Red Hat Enterprise Linux for Power, big endian 6

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
ppc64
mod_nss-1.0.8-19.el6_5.ppc64.rpm SHA-256: 857f25cb6df52853b0c7cb811a34d7c57b7aef2285c98d0fc4f484550d64fb25
mod_nss-debuginfo-1.0.8-19.el6_5.ppc64.rpm SHA-256: 1660249121dcf0c27c46f8bb3bff80e72a82655c47ac336ffd580b3bf46b7a1e

Red Hat Enterprise Linux for Power, big endian 5

SRPM
mod_nss-1.0.8-8.el5_10.src.rpm SHA-256: 1414d7b34922bd98898b3ea638af8b89de23428f60641157d5380af8ded6737a
ppc
mod_nss-1.0.8-8.el5_10.ppc.rpm SHA-256: 60f66288e2d8b59d4d258f261f22e4d44989d7f89f0b867b0bcfa629431da49d
mod_nss-debuginfo-1.0.8-8.el5_10.ppc.rpm SHA-256: 18c9e8461c149b8957a8fceb4288efbeb0752fab44f992d8cae7da442591e7b0

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.5

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
ppc64
mod_nss-1.0.8-19.el6_5.ppc64.rpm SHA-256: 857f25cb6df52853b0c7cb811a34d7c57b7aef2285c98d0fc4f484550d64fb25
mod_nss-debuginfo-1.0.8-19.el6_5.ppc64.rpm SHA-256: 1660249121dcf0c27c46f8bb3bff80e72a82655c47ac336ffd580b3bf46b7a1e

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c

Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 6.5

SRPM
x86_64

Red Hat Enterprise Linux Server from RHUI 6

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c
i386
mod_nss-1.0.8-19.el6_5.i686.rpm SHA-256: a99ba153f50560eeec859cb94595e1971195b92f14c6ed3dc389eb4c56cbcaa1
mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm SHA-256: 30c2c8e5d4840383ecc6839f10c9f00f676f10b506cdb0a8d33dc89def26c568

Red Hat Enterprise Linux Server from RHUI 5

SRPM
mod_nss-1.0.8-8.el5_10.src.rpm SHA-256: 1414d7b34922bd98898b3ea638af8b89de23428f60641157d5380af8ded6737a
x86_64
mod_nss-1.0.8-8.el5_10.x86_64.rpm SHA-256: 86ad836830fcf5cca4c5ad284ae645508a941dca37f2ba216f95f1958d444275
mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm SHA-256: c09fc7913a9545824c31a28c422b302419fef1d67278c0667cc13b4cb701b68c
i386
mod_nss-1.0.8-8.el5_10.i386.rpm SHA-256: 088993b95f129bf9568d84aa192583fe5bfe4a469b0a9ecceec62993ca95dc5a
mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm SHA-256: 87e526a50cd38bb3430bd37f9cabcb74202a0d9d81d3d3437d067e17e1be4d6f

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.5

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c
i386
mod_nss-1.0.8-19.el6_5.i686.rpm SHA-256: a99ba153f50560eeec859cb94595e1971195b92f14c6ed3dc389eb4c56cbcaa1
mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm SHA-256: 30c2c8e5d4840383ecc6839f10c9f00f676f10b506cdb0a8d33dc89def26c568

Red Hat Enterprise Linux EUS Compute Node 6.5

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c

Red Hat Enterprise Linux Server - AUS 6.5

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c

Red Hat Enterprise Linux Server - TUS 6.5

SRPM
mod_nss-1.0.8-19.el6_5.src.rpm SHA-256: a81210f57409a9b40bbfac7acecd30e0c6d9d5908fa57da61ae6b09c1f7cbfa1
x86_64
mod_nss-1.0.8-19.el6_5.x86_64.rpm SHA-256: 7aaee9e767c7394b1b9dec8d520173b8e05d6852879ec681b9fc9efff70a1b3a
mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm SHA-256: 72bd597a67b299b7f3f0c9be8344ffdc88fbe4fc8faac437a6b6579a8958119c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.