- Issued:
- 2011-05-19
- Updated:
- 2011-05-19
RHBA-2011:0735 - Bug Fix Advisory
Synopsis
mod_nss bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated mod_nss package that fixes various bugs is now available for Red Hat
Enterprise Linux 6.
Description
The mod_nss module provides strong cryptography for the Apache HTTP Server via
the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,
using the Network Security Services (NSS) security library.
This update fixes the following bugs:
- During the Apache HTTP Server startup, a race condition could prevent one or
more child processes from receiving the token PIN, rendering such processes
unable to use SSL. With this update, the race condition no longer occurs, and
all child processes of the Apache HTTP Server can enable SSL as expected.
(BZ#677700)
- Due to an incorrect use of the memcpy() function in the mod_nss module,
running the Apache HTTP Server with this module enabled could cause some
requests to fail with the following message written to the error_log file:
request failed: error reading the headers
This update applies a patch to ensure that the memcpy() function is now used in
accordance with the current specification, and using the mod_nss module no
longer causes HTTP requests to fail. (BZ#682326)
- Under certain circumstances, a large "POST" request could cause the mod_nss
module to enter an infinite loop. With this update, the underlying source code
has been adapted to address this issue, and mod_nss now works as expected.
(BZ#634687)
- The mod_nss module is shipped with the gencert utility that generates the
default NSS database. Prior to this update, this utility was installed without
any documentation on its usage. This error has been fixed, and a manual page for
gencert is now included as expected. (BZ#605376)
All users of mod_nss are advised to upgrade to this updated package, which fixes
these bugs.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6 x86_64
Fixes
- BZ - 605376 - mod_nss lacks a man page for gencert
- BZ - 634687 - Large POST may cause loop in mod_nss
- BZ - 677700 - Lack of interlock between nss processes to pcache causes httpd failure
- BZ - 682326 - https://server.testrelm/ipa/xml: Bad Request intermittent errors
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
x86_64 | |
mod_nss-1.0.8-12.el6.x86_64.rpm | SHA-256: d1019a68754db76858306b4e6d1a3101df01a30add80a0aec2c180d452ebb574 |
mod_nss-debuginfo-1.0.8-12.el6.x86_64.rpm | SHA-256: 3904cfad1b671c3ceb1348002f5d73db96b0cd402ec9230ee765a3020aaba5d6 |
i386 | |
mod_nss-1.0.8-12.el6.i686.rpm | SHA-256: e446f281f1217c308e4de965c52702bc56d8b5d0ac34a7ad1a063e9d64c6af9e |
mod_nss-debuginfo-1.0.8-12.el6.i686.rpm | SHA-256: 8d19ef4e8e68d3e76e9b1dbb0f89650ec57792e7ce089dd3e6dce5e57e5d0723 |
Red Hat Enterprise Linux Server from RHUI 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
x86_64 | |
mod_nss-1.0.8-12.el6.x86_64.rpm | SHA-256: d1019a68754db76858306b4e6d1a3101df01a30add80a0aec2c180d452ebb574 |
mod_nss-debuginfo-1.0.8-12.el6.x86_64.rpm | SHA-256: 3904cfad1b671c3ceb1348002f5d73db96b0cd402ec9230ee765a3020aaba5d6 |
i386 | |
mod_nss-1.0.8-12.el6.i686.rpm | SHA-256: e446f281f1217c308e4de965c52702bc56d8b5d0ac34a7ad1a063e9d64c6af9e |
mod_nss-debuginfo-1.0.8-12.el6.i686.rpm | SHA-256: 8d19ef4e8e68d3e76e9b1dbb0f89650ec57792e7ce089dd3e6dce5e57e5d0723 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
x86_64 | |
mod_nss-1.0.8-12.el6.x86_64.rpm | SHA-256: d1019a68754db76858306b4e6d1a3101df01a30add80a0aec2c180d452ebb574 |
mod_nss-debuginfo-1.0.8-12.el6.x86_64.rpm | SHA-256: 3904cfad1b671c3ceb1348002f5d73db96b0cd402ec9230ee765a3020aaba5d6 |
i386 | |
mod_nss-1.0.8-12.el6.i686.rpm | SHA-256: e446f281f1217c308e4de965c52702bc56d8b5d0ac34a7ad1a063e9d64c6af9e |
mod_nss-debuginfo-1.0.8-12.el6.i686.rpm | SHA-256: 8d19ef4e8e68d3e76e9b1dbb0f89650ec57792e7ce089dd3e6dce5e57e5d0723 |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
x86_64 | |
mod_nss-1.0.8-12.el6.x86_64.rpm | SHA-256: d1019a68754db76858306b4e6d1a3101df01a30add80a0aec2c180d452ebb574 |
mod_nss-debuginfo-1.0.8-12.el6.x86_64.rpm | SHA-256: 3904cfad1b671c3ceb1348002f5d73db96b0cd402ec9230ee765a3020aaba5d6 |
i386 | |
mod_nss-1.0.8-12.el6.i686.rpm | SHA-256: e446f281f1217c308e4de965c52702bc56d8b5d0ac34a7ad1a063e9d64c6af9e |
mod_nss-debuginfo-1.0.8-12.el6.i686.rpm | SHA-256: 8d19ef4e8e68d3e76e9b1dbb0f89650ec57792e7ce089dd3e6dce5e57e5d0723 |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
x86_64 | |
mod_nss-1.0.8-12.el6.x86_64.rpm | SHA-256: d1019a68754db76858306b4e6d1a3101df01a30add80a0aec2c180d452ebb574 |
mod_nss-debuginfo-1.0.8-12.el6.x86_64.rpm | SHA-256: 3904cfad1b671c3ceb1348002f5d73db96b0cd402ec9230ee765a3020aaba5d6 |
i386 | |
mod_nss-1.0.8-12.el6.i686.rpm | SHA-256: e446f281f1217c308e4de965c52702bc56d8b5d0ac34a7ad1a063e9d64c6af9e |
mod_nss-debuginfo-1.0.8-12.el6.i686.rpm | SHA-256: 8d19ef4e8e68d3e76e9b1dbb0f89650ec57792e7ce089dd3e6dce5e57e5d0723 |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
s390x | |
mod_nss-1.0.8-12.el6.s390x.rpm | SHA-256: b46a2b93d79793658da1489224cf842adff2bdba105982f06e526727291503f9 |
mod_nss-debuginfo-1.0.8-12.el6.s390x.rpm | SHA-256: 3d5668f4814bd8d7f0e98debeaee5306d42df9b3fda5376ab7d0394f0ab3ac82 |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
ppc64 | |
mod_nss-1.0.8-12.el6.ppc64.rpm | SHA-256: 9f171324b5400fec87b0b9dab2bce1b9f847e08287e76af08542fac28ef17ab4 |
mod_nss-debuginfo-1.0.8-12.el6.ppc64.rpm | SHA-256: 5272273773b82252fbc577ba58024736be33adc66450021a06f2139a7110b188 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
s390x | |
mod_nss-1.0.8-12.el6.s390x.rpm | SHA-256: b46a2b93d79793658da1489224cf842adff2bdba105982f06e526727291503f9 |
mod_nss-debuginfo-1.0.8-12.el6.s390x.rpm | SHA-256: 3d5668f4814bd8d7f0e98debeaee5306d42df9b3fda5376ab7d0394f0ab3ac82 |
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6
SRPM | |
---|---|
mod_nss-1.0.8-12.el6.src.rpm | SHA-256: 3882dbfdcc152292be10add9411cdf796f9af06dd8d21f2bda77584c6b9a7ab5 |
x86_64 | |
mod_nss-1.0.8-12.el6.x86_64.rpm | SHA-256: d1019a68754db76858306b4e6d1a3101df01a30add80a0aec2c180d452ebb574 |
mod_nss-debuginfo-1.0.8-12.el6.x86_64.rpm | SHA-256: 3904cfad1b671c3ceb1348002f5d73db96b0cd402ec9230ee765a3020aaba5d6 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.