SUSE-SU-2016:2396-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20162396-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2396-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:2396-1
Related
Published
2016-09-27T13:12:22Z
Modified
2016-09-27T13:12:22Z
Summary
Security update for apache2-mod_nss
Details

This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements:

  • Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099)
  • Created valgrind suppression files to ease debugging.
  • Implement SSLPPTYPEFILTER to call executables to get the key password pins.
  • Improvements to migrate.pl.
  • Update default ciphers to something more modern and secure.
  • Check for host and netstat commands in gencert before trying to use them.
  • Add server support for DHE ciphers.
  • Extract SAN from server/client certificates into env
  • Fix memory leaks and other coding issues caught by clang analyzer.
  • Add support for Server Name Indication (SNI).
  • Add support for SNI for reverse proxy connections.
  • Add RenegBufferSize? option.
  • Add support for TLS Session Tickets (RFC 5077).
  • Fix logical AND support in OpenSSL cipher compatibility.
  • Correctly handle disabled ciphers. (CVE-2015-5244)
  • Implement a slew more OpenSSL cipher macros.
  • Fix a number of illegal memory accesses and memory leaks.
  • Support for SHA384 ciphers if they are available in NSS.
  • Add compatibility for mod_ssl-style cipher definitions.
  • Add TLSv1.2-specific ciphers.
  • Completely remove support for SSLv2.
  • Add support for sqlite NSS databases.
  • Compare subject CN and VS hostname during server start up.
  • Add support for enabling TLS v1.2.
  • Don't enable SSL 3 by default. (CVE-2014-3566)
  • Fix CVE-2013-4566.
  • Move nss_pcache to /usr/libexec.
  • Support httpd 2.4+.
  • SHA256 cipher names change spelling from *sha256 to *sha_256.
  • Use apache2-systemd-ask-pass to prompt for a certificate passphrase. (bsc#972968, bsc#975394)
References

Affected packages

SUSE:Linux Enterprise Server for SAP Applications 12 / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-10.14.3

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-10.14.3"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / apache2-mod_nss

Package

Name
apache2-mod_nss
Purl
purl:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.14-10.14.3

Ecosystem specific

{
    "binaries": [
        {
            "apache2-mod_nss": "1.0.14-10.14.3"
        }
    ]
}