- Issued:
- 2015-07-22
- Updated:
- 2015-07-22
RHBA-2015:1315 - jss bug fix and enhancement update
Synopsis
jss bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated jss packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
Description
Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System.
This update fixes the following bugs:
-
Previously, the HASH_ALGORITHM constant was defined incorrectly. As a consequence, object identifiers (OIDs) for SHA-256, SHA-384, and SHA-512 hash functions were incorrect. With this update, the underlying source code has been modified, and the mentioned OIDs are now correct. (BZ#1190302)
-
Prior to this update, the source code for JSS was missing a condition for validating the key strength for the RC4 software stream cipher. As a consequence, JSS did not validate the key strength properly. A patch has been applied to fix this bug, and JSS now performs key strength validation checks as expected. (BZ#1190303)
In addition, this update adds the following enhancement:
- The Tomcat service has been updated to support the Transport Layer Security cryptographic protocol version 1.1 (TLSv1.1) and the Transport Layer Security cryptographic protocol version 1.2 (TLSv1.2) using JSS. (BZ#1167470)
Users of jss are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- jss-4.2.6-35.el6.ppc64.rpm
- jss-javadoc-4.2.6-35.el6.x86_64.rpm
- jss-debuginfo-4.2.6-35.el6.s390x.rpm
- jss-javadoc-4.2.6-35.el6.i686.rpm
- jss-4.2.6-35.el6.s390x.rpm
- jss-4.2.6-35.el6.x86_64.rpm
- jss-javadoc-4.2.6-35.el6.s390x.rpm
- jss-4.2.6-35.el6.src.rpm
- jss-debuginfo-4.2.6-35.el6.i686.rpm
- jss-debuginfo-4.2.6-35.el6.x86_64.rpm
- jss-javadoc-4.2.6-35.el6.ppc64.rpm
- jss-4.2.6-35.el6.i686.rpm
- jss-debuginfo-4.2.6-35.el6.ppc64.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.