SUSE-SU-2016:2329-1
- Source
- https://www.suse.com/support/update/announcement/2016/suse-su-20162329-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2329-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2016:2329-1
- Related
- Published
- 2016-09-16T15:19:20Z
- Modified
- 2016-09-16T15:19:20Z
- Summary
- Security update for apache2-mod_nss
- Details
-
This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements:
- SHA256 cipher names change spelling from *sha256 to *sha_256.
- Drop modnssmigrate.pl and use upstream migrate script instead.
- Check for Apache user owner/group read permissions of NSS database at startup.
- Update default ciphers to something more modern and secure.
- Check for host and netstat commands in gencert before trying to use them.
- Don't ignore NSSProtocol when NSSFIPS is enabled.
- Use proper shell syntax to avoid creating /0 in gencert.
- Add server support for DHE ciphers.
- Extract SAN from server/client certificates into env.
- Fix memory leaks and other coding issues caught by clang analyzer.
- Add support for Server Name Indication (SNI)
- Add support for SNI for reverse proxy connections.
- Add RenegBufferSize? option.
- Add support for TLS Session Tickets (RFC 5077).
- Implement a slew more OpenSSL cipher macros.
- Fix a number of illegal memory accesses and memory leaks.
- Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against.
- Add the SECURE_RENEG environment variable.
- Add some hints when NSS database cannot be initialized.
- Code cleanup including trailing whitespace and compiler warnings.
- Modernize autotools configuration slightly, add config.h.
- Add small test suite for SNI.
- Add compatibility for mod_ssl-style cipher definitions.
- Add Camelia ciphers.
- Remove Fortezza ciphers.
- Add TLSv1.2-specific ciphers.
- Initialize cipher list when re-negotiating handshake.
- Completely remove support for SSLv2.
- Add support for sqlite NSS databases.
- Compare subject CN and VS hostname during server start up.
- Add support for enabling TLS v1.2.
- Don't enable SSL 3 by default. (CVE-2014-3566)
- Improve protocol testing.
- Add nss_pcache man page.
- Fix argument handling in nss_pcache.
- Support httpd 2.4+.
- Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394)
- References
Affected packages
SUSE:OpenStack Cloud 5 / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20OpenStack%20Cloud%205
SUSE:Manager 2.1 / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Manager%202.1
SUSE:Manager Proxy 2.1 / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Manager%20Proxy%202.1
SUSE:Linux Enterprise Point of Sale 11 SP3 / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
SUSE:Linux Enterprise Server 11 SP2-LTSS / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
SUSE:Linux Enterprise Server 11 SP3-LTSS / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
SUSE:Linux Enterprise Server 11 SP3-TERADATA / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
SUSE:Linux Enterprise Server 11 SP4 / apache2-mod_nss
Package
- Name
- apache2-mod_nss
- Purl
- purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4