ELSA-2016-2602

Опубликовано: 09 нояб. 2016

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2016-2602: mod_nss security, bug fix, and enhancement update (LOW)

[1.0.14-7]

Add the permission patch to the repository (#1312583)

[1.0.14-6]

Check the NSS certificate database directory for read permissions by the Apache user. (#1312583)

[1.0.14-5]

Update clean semaphore patch to not free the pinList twice. (#1364560)

[1.0.14-4]

Update clean semaphore patch to not close pipe twice and to shutdown NSS database (#1364560)

[1.0.14-3]

Clean up semaphore in nss_pcache on shutdown (#1364560)

[1.0.14-2]

mod_nss sets r->user in fixup even if it was long ago changed by other module (#1347298)

[1.0.14-1]

Rebase to 1.0.14 (#1299063)
Add support for Server Name Indication (SNI) (#1053327)
Use upstream method to not execute live tests as root (#1256887)
Always call SSL_ShutdownServerSessionIDCache() in ModuleKill (#1263301, #1296685)
Don't require NSSProxyNickname (#1280287)
Make link to libnssckbi.so an absolute link (#1288471)
Fail for colons in credentials with FakeBasicAuth (#1295970)
Don't ignore NSSProtocol when NSSFIPS is enabled (#1312491)
Check filesystem permissions on NSS database at startup (#1312583)
OpenSSL ciphers stopped parsing at +, CVE-2016-3099 (#1323913)
Patch to match available ciphers so tests pass (#1299063)
Patch to fix tests in brew (#1299063)

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

mod_nss

1.0.14-7.el7

Связанные CVE

CVE-2016-3099

Ссылки на источники

Связанные уязвимости

CVE-2016-3099

CVSS3: 7.5

ubuntu

около 8 лет назад

mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.