| Description: | Network Security Services (NSS) is a set of libraries designed to supportthe development of security-enabled client and server applications.It was found that the Malaysia-based Digicert Sdn. Bhd. subordinateCertificate Authority (CA) issued HTTPS certificates with weak keys. Thisupdate renders any HTTPS certificates signed by that CA as untrusted. Thiscovers all uses of the certificates, including SSL, S/MIME, and codesigning. Note: Digicert Sdn. Bhd. is not the same company as found atdigicert.com. (BZ#751366)Note: This fix only applies to applications using the NSS Builtin ObjectToken. It does not render the certificates untrusted for applications thatuse the NSS library, but do not use the NSS Builtin Object Token.This update also fixes the following bug on Oracle Linux 5.x:* When using mod_nss with the Apache HTTP Server, a bug in NSS on Red HatEnterprise Linux 5 resulted in file descriptors leaking each time theApache HTTP Server was restarted with the "service httpd reload" command.This could have prevented the Apache HTTP Server from functioning properlyif all available file descriptors were consumed. (BZ#743508)For Red Hat Enterprise Linux 6, these updated packages upgrade NSS toversion 3.12.10. As well, they upgrade NSPR (Netscape Portable Runtime) toversion 4.8.8 and nss-util to version 3.12.10 on Red HatEnterprise Linux 6, as required by the NSS update. (BZ#735972, BZ#736272,BZ#735973)All NSS users should upgrade to these updated packages, which correct thisissue. After installing the update, applications using NSS must berestarted for the changes to take effect. In addition, on Red HatEnterprise Linux 6, applications using NSPR and nss-util must also berestarted. |