Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Scientific Linux SL6: Important NSS and NSPR Update Against Attack

Scientific Large Esm H446
Important: nss, nss-util, and nspr security, bug fix,
Date: Fri, 1 Feb 2013 09:47:45 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Important: nss, nss-util,
 and nspr on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: nss, nss-util, and nspr security, bug fix,
and enhancement update
Issue Date: 2013-01-31
CVE Numbers: None
--

It was found that a Certificate Authority (CA) mis-issued two intermediate
certificates to customers. These certificates could be used to launch
man-in-the-middle attacks. This update renders those certificates as untrusted.
This covers all uses of the certificates, including SSL, S/MIME, and code
signing.

Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that use
the NSS library, but do not use the NSS Builtin Object Token.

In addition, the nss package has been upgraded to upstream version
3.13.6, the nss-util package has been upgraded to upstream version 3.13.6, and the nspr
package has been upgraded to upstream version 4.9.2. These updates provide a
number of bug fixes and enhancements over the previous versions.

After installing this update, applications using NSS, NSPR, or nss-util
must be restarted for this update to take effect.
--

SL6
 x86_64
 nspr-4.9.2-0.el6_3.1.i686.rpm
 nspr-4.9.2-0.el6_3.1.x86_64.rpm
 nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm
 nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm
 nss-3.13.6-2.el6_3.i686.rpm
 nss-3.13.6-2.el6_3.x86_64.rpm
 nss-debuginfo-3.13.6-2.el6_3.i686.rpm
 nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm
 nss-sysinit-3.13.6-2.el6_3.x86_64.rpm
 nss-tools-3.13.6-2.el6_3.x86_64.rpm
 nss-util-3.13.6-1.el6_3.i686.rpm
 nss-util-3.13.6-1.el6_3.x86_64.rpm
 nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm
 nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm
 nspr-devel-4.9.2-0.el6_3.1.i686.rpm
 nspr-devel-4.9.2-0.el6_3.1.x86_64.rpm
 nss-devel-3.13.6-2.el6_3.i686.rpm
 nss-devel-3.13.6-2.el6_3.x86_64.rpm
 nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm
 nss-pkcs11-devel-3.13.6-2.el6_3.x86_64.rpm
 nss-util-devel-3.13.6-1.el6_3.i686.rpm
 nss-util-devel-3.13.6-1.el6_3.x86_64.rpm
 i386
 nspr-4.9.2-0.el6_3.1.i686.rpm
 nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm
 nss-3.13.6-2.el6_3.i686.rpm
 nss-debuginfo-3.13.6-2.el6_3.i686.rpm
 nss-sysinit-3.13.6-2.el6_3.i686.rpm
 nss-tools-3.13.6-2.el6_3.i686.rpm
 nss-util-3.13.6-1.el6_3.i686.rpm
 nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm
 nspr-devel-4.9.2-0.el6_3.1.i686.rpm
 nss-devel-3.13.6-2.el6_3.i686.rpm
 nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm
 nss-util-devel-3.13.6-1.el6_3.i686.rpm

- Scientific Linux Development Team
Your message here