| Revision Date: | 2014-07-21 | Version: | 14 | | Title: | ELSA-2012:0973: nss, nss-util, and nspr security, bug fix, and enhancement update (Moderate) | | Description: | Network Security Services (NSS) is a set of libraries designed to supportthe cross-platform development of security-enabled client and serverapplications. Netscape Portable Runtime (NSPR) provides platformindependence for non-GUI operating system facilities.It was found that a Certificate Authority (CA) issued a subordinate CAcertificate to its customer, that could be used to issue certificates forany name. This update renders the subordinate CA certificate as untrusted.(BZ#798533)Note: This fix only applies to applications using the NSS Builtin ObjectToken. It does not render the certificates untrusted for applications thatuse the NSS library, but do not use the NSS Builtin Object Token.The nspr package has been upgraded to upstream version 4.9, which providesa number of bug fixes and enhancements over the previous version.(BZ#799193)The nss-util package has been upgraded to upstream version 3.13.3, whichprovides a number of bug fixes and enhancements over the previous version.(BZ#799192)The nss package has been upgraded to upstream version 3.13.3, whichprovides numerous bug fixes and enhancements over the previous version. Inparticular, SSL 2.0 is now disabled by default, support for SHA-224 hasbeen added, PORT_ErrorToString and PORT_ErrorToName now return the errormessage and symbolic name of an NSS error code, and NSS_GetVersion nowreturns the NSS version string. (BZ#744070)These updated nss, nss-util, and nspr packages also provide fixes for thefollowing bugs:* A PEM module internal function did not clean up memory when detecting anon-existent file name. Consequently, memory leaks in client code occurred.The code has been improved to deallocate such temporary objects and as aresult the reported memory leakage is gone. (BZ#746632)* Recent changes to NSS re-introduced a problem where applications couldnot use multiple SSL client certificates in the same process. Therefore,any attempt to run commands that worked with multiple SSL clientcertificates, such as the "yum repolist" command, resulted in are-negotiation handshake failure. With this update, a revised patchcorrecting this problem has been applied to NSS, and using multiple SSLclient certificates in the same process is now possible again. (BZ#761086)* The PEM module did not fully initialize newly constructed objects withfunction pointers set to NULL. Consequently, a segmentation violation inlibcurl was sometimes experienced while accessing a package repository.With this update, the code has been changed to fully initialize newlyallocated objects. As a result, updates can now be installed withoutproblems. (BZ#768669)* A lack-of-robustness flaw caused the administration server for Red HatDirectory Server to terminate unexpectedly because the mod_nss module madenss calls before initializing nss as per the documented API. With thisupdate, nss protects itself against being called before it has beenproperly initialized by the caller. (BZ#784674)* Compilation errors occurred with some compilers when compiling codeagainst NSS 3.13.1. The following error message was displayed:pkcs11n.h:365:26: warning: "__GNUC_MINOR" is not definedAn upstream patch has been applied to improve the code and the problem nolonger occurs. (BZ#795693)* Unexpected terminations were reported in the messaging daemon (qpidd)included in Red Hat Enterprise MRG after a recent update to nss. Thisoccurred because qpidd made nss calls before initializing nss. Theseupdated packages prevent qpidd and other affected processes that call nsswithout initializing as mandated by the API from crashing. (BZ#797426)Users of NSS, NSPR, and nss-util are advised to upgrade to these updatedpackages, which fix these issues and add these enhancements. Afterinstalling this update, applications using NSS, NSPR, or nss-util must berestarted for this update to take effect. | | Family: | unix | Class: | patch | | Status: | ACCEPTED | Reference(s): | ELSA-2012:0973-04
| | Platform(s): | Oracle Linux 6
| Product(s): | nspr
nss
nss-util
| | Definition Synopsis | | Oracle Linux 6.x AND rpm test
nspr is earlier than 0:4.9-1.el6
OR nspr-devel is earlier than 0:4.9-1.el6
OR nss-util is earlier than 0:3.13.3-2.el6
OR nss-util-devel is earlier than 0:3.13.3-2.el6
OR nss-tools is earlier than 0:3.13.3-6.el6
OR nss-pkcs11-devel is earlier than 0:3.13.3-6.el6
OR nss-sysinit is earlier than 0:3.13.3-6.el6
OR nss is earlier than 0:3.13.3-6.el6
OR nss-devel is earlier than 0:3.13.3-6.el6
|
|