- Issued:
- 2011-04-04
- Updated:
- 2011-04-04
RHBA-2011:0411 - Bug Fix Advisory
Synopsis
mod_nss bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated mod_nss package that fixes NSS database permissions when
upgrading is now available for Red Hat Enterprise Linux 5.
Description
The mod_nss module provides strong cryptography for the Apache HTTP Server
via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols, using the Network Security Services (NSS) security library.
This update addresses the following bug:
- The NSS database initializing sequence changed in mod_nss 1.0.8. As of
this version, the database is initialized in each Apache child rather than
in the main process. This change adheres to the PKCS #11 specification
which does not allow forking after a token is initialized. As a result the
NSS database needs to be readable by the user that Apache runs as. When
mod_nss 1.0.8 is newly installed, it generates a new database and ensures
file ownership is correct (ie is root:apache, mode 0640).
Previously, however, a bug in the %postinstall script meant the necessary
read permissions were not added correctly when upgrading from mod_nss 1.0.3
to 1.0.8. As a consequence, after upgrading from mod_nss 1.0.3 to mod_nss
1.0.8, the Apache server failed to start. This update corrects the error in
the %postinstall script and upgrading from mod_install 1.0.3 to 1.0.8 now
adds the necessary read permissions (and Apache starts as expected after
upgrading).
Note: as described above, this bug only presented when upgrading from
mod_install 1.0.3 to 1.0.8. New installs of 1.0.8 were not affected by this
bug. (BZ#679748)
All mod_nss users are advised to upgrade to this updated package, which
resolves this issue.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 ia64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 i386
- Red Hat Enterprise Linux Server - AUS 5.6 ia64
- Red Hat Enterprise Linux Server - AUS 5.6 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 x86_64
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 i386
- Red Hat Enterprise Linux Server - AUS 5.6 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
Fixes
- BZ - 679748 - mod_nss's postinstall script doesn't work properly
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
x86_64 | |
mod_nss-1.0.8-4.el5_6.1.x86_64.rpm | SHA-256: f13a80b237b75f09a92cd8d98de31701b3d5140a6b9c82b7509454e58e726b0d |
ia64 | |
mod_nss-1.0.8-4.el5_6.1.ia64.rpm | SHA-256: 010c9a2a0502585ee906833ce82926b45458209a0b9b06b16e9e844d04ab5152 |
i386 | |
mod_nss-1.0.8-4.el5_6.1.i386.rpm | SHA-256: 9f2e79a14fa7fc6a80cb6bdbdb8a9a8d0755e4ce8acf898f1a3d5764036bc508 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
x86_64 | |
mod_nss-1.0.8-4.el5_6.1.x86_64.rpm | SHA-256: f13a80b237b75f09a92cd8d98de31701b3d5140a6b9c82b7509454e58e726b0d |
ia64 | |
mod_nss-1.0.8-4.el5_6.1.ia64.rpm | SHA-256: 010c9a2a0502585ee906833ce82926b45458209a0b9b06b16e9e844d04ab5152 |
i386 | |
mod_nss-1.0.8-4.el5_6.1.i386.rpm | SHA-256: 9f2e79a14fa7fc6a80cb6bdbdb8a9a8d0755e4ce8acf898f1a3d5764036bc508 |
Red Hat Enterprise Linux Server - AUS 5.6
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
ia64 | |
mod_nss-1.0.8-4.el5_6.1.ia64.rpm | SHA-256: 010c9a2a0502585ee906833ce82926b45458209a0b9b06b16e9e844d04ab5152 |
x86_64 | |
mod_nss-1.0.8-4.el5_6.1.x86_64.rpm | SHA-256: f13a80b237b75f09a92cd8d98de31701b3d5140a6b9c82b7509454e58e726b0d |
i386 | |
mod_nss-1.0.8-4.el5_6.1.i386.rpm | SHA-256: 9f2e79a14fa7fc6a80cb6bdbdb8a9a8d0755e4ce8acf898f1a3d5764036bc508 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
x86_64 | |
mod_nss-1.0.8-4.el5_6.1.x86_64.rpm | SHA-256: f13a80b237b75f09a92cd8d98de31701b3d5140a6b9c82b7509454e58e726b0d |
i386 | |
mod_nss-1.0.8-4.el5_6.1.i386.rpm | SHA-256: 9f2e79a14fa7fc6a80cb6bdbdb8a9a8d0755e4ce8acf898f1a3d5764036bc508 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
x86_64 | |
mod_nss-1.0.8-4.el5_6.1.x86_64.rpm | SHA-256: f13a80b237b75f09a92cd8d98de31701b3d5140a6b9c82b7509454e58e726b0d |
i386 | |
mod_nss-1.0.8-4.el5_6.1.i386.rpm | SHA-256: 9f2e79a14fa7fc6a80cb6bdbdb8a9a8d0755e4ce8acf898f1a3d5764036bc508 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
s390x | |
mod_nss-1.0.8-4.el5_6.1.s390x.rpm | SHA-256: 6d0a76688735f6578560b7582affc3a8c6e4daf58c565f66f26c28bec1d8e2f7 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
ppc | |
mod_nss-1.0.8-4.el5_6.1.ppc.rpm | SHA-256: a229d5bd5098f79326f4bc14e0ca30cb1adfea2d0b9854ae41718b612a261114 |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
ppc | |
mod_nss-1.0.8-4.el5_6.1.ppc.rpm | SHA-256: a229d5bd5098f79326f4bc14e0ca30cb1adfea2d0b9854ae41718b612a261114 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
x86_64 | |
mod_nss-1.0.8-4.el5_6.1.x86_64.rpm | SHA-256: f13a80b237b75f09a92cd8d98de31701b3d5140a6b9c82b7509454e58e726b0d |
i386 | |
mod_nss-1.0.8-4.el5_6.1.i386.rpm | SHA-256: 9f2e79a14fa7fc6a80cb6bdbdb8a9a8d0755e4ce8acf898f1a3d5764036bc508 |
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
x86_64 | |
mod_nss-1.0.8-4.el5_6.1.x86_64.rpm | SHA-256: f13a80b237b75f09a92cd8d98de31701b3d5140a6b9c82b7509454e58e726b0d |
i386 | |
mod_nss-1.0.8-4.el5_6.1.i386.rpm | SHA-256: 9f2e79a14fa7fc6a80cb6bdbdb8a9a8d0755e4ce8acf898f1a3d5764036bc508 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
mod_nss-1.0.8-4.el5_6.1.src.rpm | SHA-256: 9d6c1ef348e68ee7403318e4b48d9e4f6c15b47ddaeb51c84869b25a48738e86 |
s390x | |
mod_nss-1.0.8-4.el5_6.1.s390x.rpm | SHA-256: 6d0a76688735f6578560b7582affc3a8c6e4daf58c565f66f26c28bec1d8e2f7 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.