Описание
Recommended update for apache2-mod_nss
This update brings several improvements to apache2-mod_nss.
*
More TLS 1.2 ciphers have been added, including AES-GCM and Camelia
ciphers. These can be selected by their tags:
o rsa_aes_128_sha256
o rsa_aes_128_gcm_sha
o rsa_aes_256_sha256
o rsa_camellia_128_sha
o rsa_camellia_256_sha
o ecdh_ecdsa_aes_128_gcm_sha
o ecdhe_ecdsa_aes_128_sha256
o ecdhe_ecdsa_aes_128_gcm_sha
o ecdh_rsa_aes_128_gcm_sha
o ecdhe_rsa_aes_128_sha256
*
The mod_nss.conf.in template was updated to include those ciphers.
(bnc#863035)
*
VirtualHost settings in /etc/apache2/conf.d/mod_nss.conf is now
externalized to /etc/apache2/vhosts.d/vhost-nss.template and not
activated/read by default. (bnc#878681)
*
The Server Name Indication (SNI) extension was implemented.
*
Reading the pass phrase during start-up was improved. (bnc#863518)
Список пакетов
SUSE Linux Enterprise Server 11 SP3
apache2-mod_nss-1.0.8-0.4.9.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
apache2-mod_nss-1.0.8-0.4.9.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
apache2-mod_nss-1.0.8-0.4.9.1
Ссылки
- Link for SUSE-RU-2015:0591-1
- E-Mail link for SUSE-RU-2015:0591-1
- SUSE Security Ratings
- SUSE Bug 847216
- SUSE Bug 853039
- SUSE Bug 863035
- SUSE Bug 863518
- SUSE Bug 864929
- SUSE Bug 878681
- SUSE Bug 897712
- SUSE Bug 902068
- SUSE CVE CVE-2013-4566 page
Описание
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.8-0.4.9.1
SUSE Linux Enterprise Server 11 SP3:apache2-mod_nss-1.0.8-0.4.9.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:apache2-mod_nss-1.0.8-0.4.9.1
Ссылки
- CVE-2013-4566
- SUSE Bug 853039