Issued:
2011-05-19
Updated:
2011-05-19

RHBA-2011:0735 - mod_nss bug fix update

Synopsis

mod_nss bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

An updated mod_nss package that fixes various bugs is now available for Red Hat Enterprise Linux 6.

Description

The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

This update fixes the following bugs:

  • During the Apache HTTP Server startup, a race condition could prevent one or more child processes from receiving the token PIN, rendering such processes unable to use SSL. With this update, the race condition no longer occurs, and all child processes of the Apache HTTP Server can enable SSL as expected. (BZ#677700)

  • Due to an incorrect use of the memcpy() function in the mod_nss module, running the Apache HTTP Server with this module enabled could cause some requests to fail with the following message written to the error_log file:

    request failed: error reading the headers

This update applies a patch to ensure that the memcpy() function is now used in accordance with the current specification, and using the mod_nss module no longer causes HTTP requests to fail. (BZ#682326)

  • Under certain circumstances, a large "POST" request could cause the mod_nss module to enter an infinite loop. With this update, the underlying source code has been adapted to address this issue, and mod_nss now works as expected. (BZ#634687)

  • The mod_nss module is shipped with the gencert utility that generates the default NSS database. Prior to this update, this utility was installed without any documentation on its usage. This error has been fixed, and a manual page for gencert is now included as expected. (BZ#605376)

All users of mod_nss are advised to upgrade to this updated package, which fixes these bugs.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for Power, big endian6ppc64
Red Hat Enterprise Linux for IBM z Systems6s390x
Red Hat Enterprise Linux Workstation6x86_64
Red Hat Enterprise Linux Workstation6i386
Red Hat Enterprise Linux Server6x86_64
Red Hat Enterprise Linux Server6i386
Red Hat Enterprise Linux Server from RHUI6x86_64
Red Hat Enterprise Linux Server from RHUI6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)6s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)6s390x
Red Hat Enterprise Linux Desktop6x86_64
Red Hat Enterprise Linux Desktop6i386

Updated Packages

  • mod_nss-1.0.8-12.el6.ppc64.rpm
  • mod_nss-1.0.8-12.el6.x86_64.rpm
  • mod_nss-debuginfo-1.0.8-12.el6.i686.rpm
  • mod_nss-1.0.8-12.el6.i686.rpm
  • mod_nss-1.0.8-12.el6.s390x.rpm
  • mod_nss-1.0.8-12.el6.src.rpm
  • mod_nss-debuginfo-1.0.8-12.el6.x86_64.rpm
  • mod_nss-debuginfo-1.0.8-12.el6.ppc64.rpm
  • mod_nss-debuginfo-1.0.8-12.el6.s390x.rpm

Fixes

CVEs

(none)

References

(none)

Additional information