SUSE-SU-2016:2329-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20162329-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2329-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:2329-1
Related
Published
2016-09-16T15:19:20Z
Modified
2016-09-16T15:19:20Z
Summary
Security update for apache2-mod_nss
Details

This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements:

  • SHA256 cipher names change spelling from *sha256 to *sha_256.
  • Drop modnssmigrate.pl and use upstream migrate script instead.
  • Check for Apache user owner/group read permissions of NSS database at startup.
  • Update default ciphers to something more modern and secure.
  • Check for host and netstat commands in gencert before trying to use them.
  • Don't ignore NSSProtocol when NSSFIPS is enabled.
  • Use proper shell syntax to avoid creating /0 in gencert.
  • Add server support for DHE ciphers.
  • Extract SAN from server/client certificates into env.
  • Fix memory leaks and other coding issues caught by clang analyzer.
  • Add support for Server Name Indication (SNI)
  • Add support for SNI for reverse proxy connections.
  • Add RenegBufferSize? option.
  • Add support for TLS Session Tickets (RFC 5077).
  • Implement a slew more OpenSSL cipher macros.
  • Fix a number of illegal memory accesses and memory leaks.
  • Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against.
  • Add the SECURE_RENEG environment variable.
  • Add some hints when NSS database cannot be initialized.
  • Code cleanup including trailing whitespace and compiler warnings.
  • Modernize autotools configuration slightly, add config.h.
  • Add small test suite for SNI.
  • Add compatibility for mod_ssl-style cipher definitions.
  • Add Camelia ciphers.
  • Remove Fortezza ciphers.
  • Add TLSv1.2-specific ciphers.
  • Initialize cipher list when re-negotiating handshake.
  • Completely remove support for SSLv2.
  • Add support for sqlite NSS databases.
  • Compare subject CN and VS hostname during server start up.
  • Add support for enabling TLS v1.2.
  • Don't enable SSL 3 by default. (CVE-2014-3566)
  • Improve protocol testing.
  • Add nss_pcache man page.
  • Fix argument handling in nss_pcache.
  • Support httpd 2.4+.
  • Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394)
References

Affected packages

SUSE:OpenStack Cloud 5 / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20OpenStack%20Cloud%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Manager 2.1 / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Manager%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Manager Proxy 2.1 / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Manager%20Proxy%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Linux Enterprise Point of Sale 11 SP3 / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP2-LTSS / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-0.4.25.1

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-0.4.25.1"
        }
    ]
}