Skip to navigation

Security Advisory Important: nss security update

Advisory: RHSA-2012:0532-1
Type: Security Advisory
Severity: Important
Issued on: 2012-04-30
Last updated on: 2012-04-30
Affected Products: Red Hat Enterprise Linux EUS (v. 5.6.z server)
Red Hat Enterprise Linux Long Life (v. 5.6 server)

Details

Updated nss packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.6 Extended Update Support

The Red Hat Security Response Team has rated this update as having
important security impact.

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

It was found that a Certificate Authority (CA) issued fraudulent HTTPS
certificates. This update renders any HTTPS certificates signed by that CA
as untrusted. This covers all uses of the certificates, including SSL,
S/MIME, and code signing. (BZ#734316)

Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.

All NSS users should upgrade to these updated packages, which correct this
issue. After installing the update, applications using NSS must be
restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux EUS (v. 5.6.z server)

SRPMS:
nss-3.12.8-6.el5_6.src.rpm
File outdated by:  RHSA-2013:1841
    MD5: 30f5b4312b0fbf1f0846e6aee7012062
SHA-256: bcce9db82d903edbc6e10655f1e274b57628d3a401b29297968bf2e0088e0fd8
 
IA-32:
nss-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7e8777a9cb8e8f95fe60891b15e67f7a
SHA-256: 187178d676ede2561192fa4052489744e40d2b91dbc1762bea3daab0fca424c3
nss-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: c1bb52a5148a757294264d898923bd78
SHA-256: 3f42b288f3ed6d404a8a0976c7c5ad1a57f66f7b00ae9309e392843c3155b778
nss-pkcs11-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7515d466f0b59db461efce663e16b11e
SHA-256: 551401aa1356a19f37566aeaa45fb1667025781d67e5690efd780f022f8a7dfd
nss-tools-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: e9e2b178cbb938a274e9a6bce92bef6a
SHA-256: 85b91f7e231a05cc91e157acb7061c0171acb201629735399fb6b3d6b9471957
 
IA-64:
nss-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7e8777a9cb8e8f95fe60891b15e67f7a
SHA-256: 187178d676ede2561192fa4052489744e40d2b91dbc1762bea3daab0fca424c3
nss-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: c1fb6e91ab3f6e828c652a081117b883
SHA-256: 6043e02bd973af67698b9d4d9bd1cd3bdbec884f4eb6da6aac3884950f91f23d
nss-devel-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 8741ae983bf43d9204c31bd5c943b622
SHA-256: b44d25d847d9c7d59f194fd1b1c055d4bd45eb80ba6078a0daa9b1af26f4b279
nss-pkcs11-devel-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: f0aaaca739f64f9e45087040afb88004
SHA-256: 55824bd47a1fad6fba2af155240d61ef0238eb031b620954574187a2d0d3d792
nss-tools-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 4fe98a67eff09b7dc447725a5fab9edd
SHA-256: 73b7af1511b4e88a33370ec1bd3ff002a13f6faeafaf086860f6587bb176275f
 
PPC:
nss-3.12.8-6.el5_6.ppc.rpm
File outdated by:  RHSA-2013:1841
    MD5: 37f9f7117310c9994774854a0d3d5383
SHA-256: a0d939029a5ef03a3a0c07bc3cca0f2ac90edb611a757d0174443a5fc12fd3a7
nss-3.12.8-6.el5_6.ppc64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 3db65bfe095aa69bf3d12ebbb7066d4a
SHA-256: ed3bfb9e3623649ad45f1dd71ff087efe84b2036448ab94231e0820f161cc694
nss-devel-3.12.8-6.el5_6.ppc.rpm
File outdated by:  RHSA-2013:1841
    MD5: 151c3ec5de104d8613a1d8c7026ded8b
SHA-256: c849f07735925a6d160ced6ef9e8c28afdb9efc8685d7ed2916331a954562369
nss-devel-3.12.8-6.el5_6.ppc64.rpm
File outdated by:  RHSA-2013:1841
    MD5: d000a3bbff2be573e4bb934244aaa118
SHA-256: fc244cc7f0d3c16fbfa1fb49b694da1525ee8403a221f0373430679b8e7ef553
nss-pkcs11-devel-3.12.8-6.el5_6.ppc.rpm
File outdated by:  RHSA-2013:1841
    MD5: 891ff264356241668f2a82185a32f1f9
SHA-256: 2388503153050517f7f1f451875bbdd260c9c217eb52fd0c881f57c9c15bc65b
nss-pkcs11-devel-3.12.8-6.el5_6.ppc64.rpm
File outdated by:  RHSA-2013:1841
    MD5: bdbba257efac2a48b8067e33be41eeb0
SHA-256: 14038dd275b7498297d08ddd6ecbe92533d5765411b088d2fbf78a71a43970dd
nss-tools-3.12.8-6.el5_6.ppc.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7cfb26dc25c8b4320699982cbbe130b9
SHA-256: aa79c9b985ebb6df01f7ed42f831e2cf7835ef767ddb531a3d1bf2518113bf7f
 
s390x:
nss-3.12.8-6.el5_6.s390.rpm
File outdated by:  RHSA-2013:1841
    MD5: 92f56c20f3cf90760949d6a65a6eea0a
SHA-256: 6153499522db7ee40a9063825797a5065e7596055f8f4fd84a49ff36925ccbda
nss-3.12.8-6.el5_6.s390x.rpm
File outdated by:  RHSA-2013:1841
    MD5: 1c571281fc0d06c8ac2df9281b269877
SHA-256: 8a641b81e1abcb0c5e1c3989969add547a1402e42bb4b6ddbdb89119822f8651
nss-devel-3.12.8-6.el5_6.s390.rpm
File outdated by:  RHSA-2013:1841
    MD5: 6aaf7aff4e8272e9bd32e197a02d9ffd
SHA-256: 782be6553c3d7ff6f063c5417a52a08287649015bd7df7b6d465fd35d35f18f8
nss-devel-3.12.8-6.el5_6.s390x.rpm
File outdated by:  RHSA-2013:1841
    MD5: 5a3bcbf6dd090cdbbbba79914916b79e
SHA-256: cea3cc82c380ab752f693e1bd5ed1e02cd66372a769784ec6041d69a370d3667
nss-pkcs11-devel-3.12.8-6.el5_6.s390.rpm
File outdated by:  RHSA-2013:1841
    MD5: fc071568cbbb95085360cf19ca5340ff
SHA-256: 8971f08edc2a737dc8f097cd8239a0ea0495bfcd3780c5720cd52eea992a2ba0
nss-pkcs11-devel-3.12.8-6.el5_6.s390x.rpm
File outdated by:  RHSA-2013:1841
    MD5: 8324b1d308bdfe976233f4d991f25355
SHA-256: 1cbd414a0b3e0af35ad696807e488788c662f3ed02585fee856deccd8843ce70
nss-tools-3.12.8-6.el5_6.s390x.rpm
File outdated by:  RHSA-2013:1841
    MD5: 43353e073a345dda21508f4f9f21ab93
SHA-256: df15ad3a9f801fe991d22b13d9da8a540e6d794a44c454ef2e7d8f865732b3fa
 
x86_64:
nss-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7e8777a9cb8e8f95fe60891b15e67f7a
SHA-256: 187178d676ede2561192fa4052489744e40d2b91dbc1762bea3daab0fca424c3
nss-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 0a9592088e97c2c007cf27cecdcb0b86
SHA-256: 7d66ba76928fd83564f4be9faed46e360e4c4e913aeeba2f117229bbcce5abe2
nss-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: c1bb52a5148a757294264d898923bd78
SHA-256: 3f42b288f3ed6d404a8a0976c7c5ad1a57f66f7b00ae9309e392843c3155b778
nss-devel-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 45b0876d3f19e8c6ba6cf641ffe4e2a1
SHA-256: 365a9a0426d3d39bf888757d5ccf751ecc43cce93c3cd1464920f05cca9b0eb3
nss-pkcs11-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7515d466f0b59db461efce663e16b11e
SHA-256: 551401aa1356a19f37566aeaa45fb1667025781d67e5690efd780f022f8a7dfd
nss-pkcs11-devel-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: e868f380e5aba5adafb8c78dae3ac794
SHA-256: 6e34f9060312073ce3bd9124dabea8841fe63921b77cb1593f6587922c29322d
nss-tools-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 13d89cdf9c1830bbf4b90bc9c2ed2e7b
SHA-256: 24f263d26ae92b9790847ec6ce4f8602dac717f7b8653ec2052e6156a166631b
 
Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
nss-3.12.8-6.el5_6.src.rpm
File outdated by:  RHSA-2013:1841
    MD5: 30f5b4312b0fbf1f0846e6aee7012062
SHA-256: bcce9db82d903edbc6e10655f1e274b57628d3a401b29297968bf2e0088e0fd8
 
IA-32:
nss-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7e8777a9cb8e8f95fe60891b15e67f7a
SHA-256: 187178d676ede2561192fa4052489744e40d2b91dbc1762bea3daab0fca424c3
nss-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: c1bb52a5148a757294264d898923bd78
SHA-256: 3f42b288f3ed6d404a8a0976c7c5ad1a57f66f7b00ae9309e392843c3155b778
nss-pkcs11-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7515d466f0b59db461efce663e16b11e
SHA-256: 551401aa1356a19f37566aeaa45fb1667025781d67e5690efd780f022f8a7dfd
nss-tools-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: e9e2b178cbb938a274e9a6bce92bef6a
SHA-256: 85b91f7e231a05cc91e157acb7061c0171acb201629735399fb6b3d6b9471957
 
IA-64:
nss-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7e8777a9cb8e8f95fe60891b15e67f7a
SHA-256: 187178d676ede2561192fa4052489744e40d2b91dbc1762bea3daab0fca424c3
nss-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: c1fb6e91ab3f6e828c652a081117b883
SHA-256: 6043e02bd973af67698b9d4d9bd1cd3bdbec884f4eb6da6aac3884950f91f23d
nss-devel-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 8741ae983bf43d9204c31bd5c943b622
SHA-256: b44d25d847d9c7d59f194fd1b1c055d4bd45eb80ba6078a0daa9b1af26f4b279
nss-pkcs11-devel-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: f0aaaca739f64f9e45087040afb88004
SHA-256: 55824bd47a1fad6fba2af155240d61ef0238eb031b620954574187a2d0d3d792
nss-tools-3.12.8-6.el5_6.ia64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 4fe98a67eff09b7dc447725a5fab9edd
SHA-256: 73b7af1511b4e88a33370ec1bd3ff002a13f6faeafaf086860f6587bb176275f
 
x86_64:
nss-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7e8777a9cb8e8f95fe60891b15e67f7a
SHA-256: 187178d676ede2561192fa4052489744e40d2b91dbc1762bea3daab0fca424c3
nss-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 0a9592088e97c2c007cf27cecdcb0b86
SHA-256: 7d66ba76928fd83564f4be9faed46e360e4c4e913aeeba2f117229bbcce5abe2
nss-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: c1bb52a5148a757294264d898923bd78
SHA-256: 3f42b288f3ed6d404a8a0976c7c5ad1a57f66f7b00ae9309e392843c3155b778
nss-devel-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 45b0876d3f19e8c6ba6cf641ffe4e2a1
SHA-256: 365a9a0426d3d39bf888757d5ccf751ecc43cce93c3cd1464920f05cca9b0eb3
nss-pkcs11-devel-3.12.8-6.el5_6.i386.rpm
File outdated by:  RHSA-2013:1841
    MD5: 7515d466f0b59db461efce663e16b11e
SHA-256: 551401aa1356a19f37566aeaa45fb1667025781d67e5690efd780f022f8a7dfd
nss-pkcs11-devel-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: e868f380e5aba5adafb8c78dae3ac794
SHA-256: 6e34f9060312073ce3bd9124dabea8841fe63921b77cb1593f6587922c29322d
nss-tools-3.12.8-6.el5_6.x86_64.rpm
File outdated by:  RHSA-2013:1841
    MD5: 13d89cdf9c1830bbf4b90bc9c2ed2e7b
SHA-256: 24f263d26ae92b9790847ec6ce4f8602dac717f7b8653ec2052e6156a166631b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/