- Issued:
- 2013-01-07
- Updated:
- 2013-01-07
RHBA-2013:0081 - nss and nspr bug fix and enhancement update
Synopsis
nss and nspr bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated nss and nspr packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 5.
Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
This update fixes the following bugs:
-
Due to errors in the Netscape Portable Runtime (NSPR) code responsible for thread synchronization, memory corruption sometimes occurred. Consequently, the web server daemon (httpd) sometimes terminated unexpectedly with a segmentation fault after making more than 1023 calls to the NSPR library. With this update, an improvement to the way NSPR frees previously allocated memory has been made and httpd no longer crashes in the scenario described. (BZ#633519)
-
Some Network Security Services (NSS) clients call NSS without initializing first as mandated by the API and NSS did not protect itself against such improper usage. Consequently, this caused unexpected terminations on shutdown as some variables had not been properly initialized. Such crashes were reported in the messaging daemon (qpidd), included in Red Hat Enterprise MRG, after a recent update to the nss package. This occurred as qpidd made NSS calls before initializing NSS. With this update, NSS now protects itself against potential improper use by client code. As a result, NSS prevents qpidd, and other processes that may call NSS without initializing as mandated by the API, from crashing. (BZ#797939)
This update also adds the following enhancement:
- The certutil tool was enhanced to support creation of Elliptic Curve (EC) key pairs on Hardware Security Modules. (BZ#820684)
All nss and nspr users should upgrade to these updated packages, which fix these bugs and add this enhancement. After installing the update, applications using NSS and NSPR must be restarted for the changes to take effect.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- nss-3.13.5-8.el5.i386.rpm
- nss-3.13.5-8.el5.src.rpm
- nspr-debuginfo-4.9.1-6.el5.x86_64.rpm
- nspr-4.9.1-6.el5.ppc64.rpm
- nspr-4.9.1-6.el5.s390x.rpm
- nspr-debuginfo-4.9.1-6.el5.ppc.rpm
- nss-pkcs11-devel-3.13.5-8.el5.s390x.rpm
- nss-debuginfo-3.13.5-8.el5.i386.rpm
- nspr-devel-4.9.1-6.el5.s390.rpm
- nss-debuginfo-3.13.5-8.el5.s390.rpm
- nss-devel-3.13.5-8.el5.s390x.rpm
- nspr-devel-4.9.1-6.el5.s390x.rpm
- nss-debuginfo-3.13.5-8.el5.ia64.rpm
- nss-devel-3.13.5-8.el5.x86_64.rpm
- nss-pkcs11-devel-3.13.5-8.el5.x86_64.rpm
- nss-debuginfo-3.13.5-8.el5.ppc.rpm
- nspr-4.9.1-6.el5.ia64.rpm
- nspr-4.9.1-6.el5.x86_64.rpm
- nss-3.13.5-8.el5.ppc64.rpm
- nss-pkcs11-devel-3.13.5-8.el5.i386.rpm
- nss-3.13.5-8.el5.s390.rpm
- nss-devel-3.13.5-8.el5.i386.rpm
- nss-tools-3.13.5-8.el5.ia64.rpm
- nspr-devel-4.9.1-6.el5.ppc.rpm
- nss-3.13.5-8.el5.s390x.rpm
- nss-pkcs11-devel-3.13.5-8.el5.ia64.rpm
- nss-devel-3.13.5-8.el5.ppc.rpm
- nspr-debuginfo-4.9.1-6.el5.ppc64.rpm
- nss-tools-3.13.5-8.el5.i386.rpm
- nss-tools-3.13.5-8.el5.x86_64.rpm
- nspr-4.9.1-6.el5.src.rpm
- nss-debuginfo-3.13.5-8.el5.x86_64.rpm
- nss-devel-3.13.5-8.el5.ppc64.rpm
- nss-tools-3.13.5-8.el5.ppc.rpm
- nspr-4.9.1-6.el5.s390.rpm
- nss-pkcs11-devel-3.13.5-8.el5.s390.rpm
- nss-tools-3.13.5-8.el5.s390x.rpm
- nspr-devel-4.9.1-6.el5.x86_64.rpm
- nss-devel-3.13.5-8.el5.s390.rpm
- nss-3.13.5-8.el5.ppc.rpm
- nspr-debuginfo-4.9.1-6.el5.s390.rpm
- nss-debuginfo-3.13.5-8.el5.s390x.rpm
- nss-devel-3.13.5-8.el5.ia64.rpm
- nspr-debuginfo-4.9.1-6.el5.ia64.rpm
- nss-3.13.5-8.el5.ia64.rpm
- nss-pkcs11-devel-3.13.5-8.el5.ppc64.rpm
- nspr-4.9.1-6.el5.ppc.rpm
- nspr-devel-4.9.1-6.el5.ia64.rpm
- nss-3.13.5-8.el5.x86_64.rpm
- nspr-debuginfo-4.9.1-6.el5.s390x.rpm
- nspr-debuginfo-4.9.1-6.el5.i386.rpm
- nspr-devel-4.9.1-6.el5.ppc64.rpm
- nspr-4.9.1-6.el5.i386.rpm
- nss-debuginfo-3.13.5-8.el5.ppc64.rpm
- nss-pkcs11-devel-3.13.5-8.el5.ppc.rpm
- nspr-devel-4.9.1-6.el5.i386.rpm
Fixes
- This content is not included.BZ - 633519
- This content is not included.BZ - 788039
- This content is not included.BZ - 797939
- This content is not included.BZ - 820684
- This content is not included.BZ - 830304
- This content is not included.BZ - 831654
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.