Oval Definition:oval:com.redhat.rhsa:def:20162602
Revision Date:2016-11-03Version:639
Title:RHSA-2016:2602: mod_nss security, bug fix, and enhancement update (Low)
Description:The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

  • The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). (BZ#1299063)

    Security Fix(es):

  • A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099)

    This issue was discovered by Rob Crittenden (Red Hat).

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-3099
    RHSA-2016:2602
    RHSA-2016:2602-01
    RHSA-2016:2602-02
    RHSA-2016:2602-02
    Platform(s):Red Hat Enterprise Linux 7
    Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5)
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND mod_nss is earlier than 0:1.0.14-7.el7
  • AND mod_nss is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • mod_nss is earlier than 0:1.0.14-7.el7
  • AND mod_nss is signed with Red Hat redhatrelease2 key
  • AND Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
    • BACK