{"affected":[{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Manager 2.1","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Manager%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 2.1","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Manager%20Proxy%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 
SP3-LTSS","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-0.4.25.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-0.4.25.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update provides apache2-mod_nss 1.0.14, which brings several fixes and\nenhancements:\n\n- SHA256 cipher names change spelling from *_sha256 to *_sha_256.\n- Drop mod_nss_migrate.pl and use upstream migrate script instead.\n- Check for Apache user owner/group read permissions of NSS database at startup.\n- Update default ciphers to something more modern and secure.\n- Check for host and netstat commands in gencert before trying to use them.\n- Don't ignore NSSProtocol when NSSFIPS is enabled.\n- Use proper shell syntax to avoid creating /0 in gencert.\n- Add server support for DHE ciphers.\n- Extract SAN from server/client certificates 
into env.\n- Fix memory leaks and other coding issues caught by clang analyzer.\n- Add support for Server Name Indication (SNI)\n- Add support for SNI for reverse proxy connections.\n- Add RenegBufferSize option.\n- Add support for TLS Session Tickets (RFC 5077).\n- Implement a slew more OpenSSL cipher macros.\n- Fix a number of illegal memory accesses and memory leaks.\n- Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against.\n- Add the SECURE_RENEG environment variable.\n- Add some hints when NSS database cannot be initialized.\n- Code cleanup including trailing whitespace and compiler warnings.\n- Modernize autotools configuration slightly, add config.h.\n- Add small test suite for SNI.\n- Add compatibility for mod_ssl-style cipher definitions.\n- Add Camellia ciphers.\n- Remove Fortezza ciphers.\n- Add TLSv1.2-specific ciphers.\n- Initialize cipher list when re-negotiating handshake.\n- Completely remove support for SSLv2.\n- Add support for sqlite NSS databases.\n- Compare subject CN and VS hostname during server start up.\n- Add support for enabling TLS v1.2.\n- Don't enable SSL 3 by default. (CVE-2014-3566)\n- Improve protocol testing.\n- Add nss_pcache man page.\n- Fix argument handling in nss_pcache.\n- Support httpd 2.4+.\n- Allow users to configure a helper to ask for certificate passphrases via\n  NSSPassPhraseDialog. 
(bsc#975394)\n","id":"SUSE-SU-2016:2329-1","modified":"2016-09-16T15:19:20Z","published":"2016-09-16T15:19:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162329-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/975394"},{"type":"REPORT","url":"https://bugzilla.suse.com/979688"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-4566"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3566"}],"related":["CVE-2013-4566","CVE-2014-3566"],"summary":"Security update for apache2-mod_nss","upstream":["CVE-2013-4566","CVE-2014-3566"]}