Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 14 Dec 2016 17:57:32 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Scott Reid Subject: Security ERRATA Low: mod_nss on SL7.x x86_64 MIME-Version: 1.0 Message-ID: <20161214175732.15410.21077@slpackages.fnal.gov> Synopsis: Low: mod_nss security, bug fix, and enhancement update Advisory ID: SLSA-2016:2602-2 Issue Date: 2016-11-03 CVE Numbers: CVE-2016-3099 -- The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). Security Fix(es): * A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) This issue was discovered by Rob Crittenden (Red Hat). Additional Changes: -- SL7 x86_64 mod_nss-1.0.14-7.el7.x86_64.rpm mod_nss-debuginfo-1.0.14-7.el7.x86_64.rpm - Scientific Linux Development Team