| Description: | Network Security Services (NSS) is a set of libraries designed to supportthe cross-platform development of security-enabled client and serverapplications. Netscape Portable Runtime (NSPR) provides platformindependence for non-GUI operating system facilities.It was found that a Certificate Authority (CA) mis-issued two intermediatecertificates to customers. These certificates could be used to launchman-in-the-middle attacks. This update renders those certificates asuntrusted. This covers all uses of the certificates, including SSL, S/MIME,and code signing. (BZ#890605)In addition, the nss package has been upgraded to upstream version 3.13.6,and the nspr package has been upgraded to upstream version 4.9.2. Theseupdates provide a number of bug fixes and enhancements over the previousversions. (BZ#893371, BZ#893372)All NSS and NSPR users should upgrade to these updated packages, whichcorrect these issues and add these enhancements. After installing theupdate, applications using NSS and NSPR must be restarted for the changesto take effect. |