- Issued:
- 2009-01-20
- Updated:
- 2009-01-20
RHEA-2009:0075 - Product Enhancement Advisory
Synopsis
mod_nss enhancement update
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An enhanced mod_nss package is now available.
Description
mod_nss provides strong cryptography for the Apache Web server via the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,
using the Network Security Services (NSS) security library.
mod_proxy uses several functions that are provided by the OpenSSL-based
mod_ssl to provide SSL support for both forward and reverse proxies:
- ssl_proxy_enable
- ssl_engine_disable
- ssl_is_https
- ssl_var_lookup
mod_nss will now advertise these functions if mod_ssl is not loaded,
allowing mod_proxy to use mod_nss for its SSL functions instead. mod_ssl
can be disabled in one of two ways:
- By removing the package from the system
- By removing or renaming /etc/httpd/conf.d/ssl.conf
This patch also allows mod_nss to work with FIPS mode enabled. Previously,
if FIPS was enabled, mod_nss was unable to locate the Web server's SSL
certificate. This patch changes the logout and security policy settings in
NSS to fix the way mod_nss works in FIPS mode.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 338401 - mod_nss does not work with mod_proxy
- BZ - 450349 - Enabling FIPS mode does not work in mod_nss
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
mod_nss-1.0.3-6.el5.src.rpm | SHA-256: a461920feda3be40a08bb2042b69e4b59a7a02e7de246a555a6edcbc6fab45d6 |
x86_64 | |
mod_nss-1.0.3-6.el5.x86_64.rpm | SHA-256: c629e3b0f410c83b0e3d64841378e1a6d580a510904ef2ef112224f000698382 |
ia64 | |
mod_nss-1.0.3-6.el5.ia64.rpm | SHA-256: 79d30f78a083d56ed388bbef491053e76b9e65f778087f9c8d3dbbd8b195697c |
i386 | |
mod_nss-1.0.3-6.el5.i386.rpm | SHA-256: 7a0c6581eaae7222bda110bdb8e32b2206146e162b388d95425d3b80d1fdfa18 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
mod_nss-1.0.3-6.el5.src.rpm | SHA-256: a461920feda3be40a08bb2042b69e4b59a7a02e7de246a555a6edcbc6fab45d6 |
x86_64 | |
mod_nss-1.0.3-6.el5.x86_64.rpm | SHA-256: c629e3b0f410c83b0e3d64841378e1a6d580a510904ef2ef112224f000698382 |
i386 | |
mod_nss-1.0.3-6.el5.i386.rpm | SHA-256: 7a0c6581eaae7222bda110bdb8e32b2206146e162b388d95425d3b80d1fdfa18 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
mod_nss-1.0.3-6.el5.src.rpm | SHA-256: a461920feda3be40a08bb2042b69e4b59a7a02e7de246a555a6edcbc6fab45d6 |
x86_64 | |
mod_nss-1.0.3-6.el5.x86_64.rpm | SHA-256: c629e3b0f410c83b0e3d64841378e1a6d580a510904ef2ef112224f000698382 |
i386 | |
mod_nss-1.0.3-6.el5.i386.rpm | SHA-256: 7a0c6581eaae7222bda110bdb8e32b2206146e162b388d95425d3b80d1fdfa18 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
mod_nss-1.0.3-6.el5.src.rpm | SHA-256: a461920feda3be40a08bb2042b69e4b59a7a02e7de246a555a6edcbc6fab45d6 |
s390x | |
mod_nss-1.0.3-6.el5.s390x.rpm | SHA-256: 0fe8f8c1b73bd59d26fc7c1d4313bb808cf09399967caa75c2dbc53976127da2 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
mod_nss-1.0.3-6.el5.src.rpm | SHA-256: a461920feda3be40a08bb2042b69e4b59a7a02e7de246a555a6edcbc6fab45d6 |
ppc | |
mod_nss-1.0.3-6.el5.ppc.rpm | SHA-256: d90ff038e6e45a56aa17570afcca3f411f7aa2be5fd58a5f666be71dca68f3e0 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
mod_nss-1.0.3-6.el5.src.rpm | SHA-256: a461920feda3be40a08bb2042b69e4b59a7a02e7de246a555a6edcbc6fab45d6 |
x86_64 | |
mod_nss-1.0.3-6.el5.x86_64.rpm | SHA-256: c629e3b0f410c83b0e3d64841378e1a6d580a510904ef2ef112224f000698382 |
i386 | |
mod_nss-1.0.3-6.el5.i386.rpm | SHA-256: 7a0c6581eaae7222bda110bdb8e32b2206146e162b388d95425d3b80d1fdfa18 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.