Important: nss, nss-util, and nspr security, bug fix,
Date: Fri, 1 Feb 2013 09:47:45 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Important: nss, nss-util,
and nspr on SL6.x i386/x86_64
MIME-Version: 1.0
Synopsis: Important: nss, nss-util, and nspr security, bug fix,
and enhancement update
Issue Date: 2013-01-31
CVE Numbers: None
--
It was found that a Certificate Authority (CA) mis-issued two intermediate
certificates to customers. These certificates could be used to launch
man-in-the-middle attacks. This update renders those certificates as untrusted.
This covers all uses of the certificates, including SSL, S/MIME, and code
signing.
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that use
the NSS library, but do not use the NSS Builtin Object Token.
In addition, the nss package has been upgraded to upstream version
3.13.6, the nss-util package has been upgraded to upstream version 3.13.6, and the nspr
package has been upgraded to upstream version 4.9.2. These updates provide a
number of bug fixes and enhancements over the previous versions.
After installing this update, applications using NSS, NSPR, or nss-util
must be restarted for this update to take effect.
--
SL6
x86_64
nspr-4.9.2-0.el6_3.1.i686.rpm
nspr-4.9.2-0.el6_3.1.x86_64.rpm
nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm
nspr-debuginfo-4.9.2-0.el6_3.1.x86_64.rpm
nss-3.13.6-2.el6_3.i686.rpm
nss-3.13.6-2.el6_3.x86_64.rpm
nss-debuginfo-3.13.6-2.el6_3.i686.rpm
nss-debuginfo-3.13.6-2.el6_3.x86_64.rpm
nss-sysinit-3.13.6-2.el6_3.x86_64.rpm
nss-tools-3.13.6-2.el6_3.x86_64.rpm
nss-util-3.13.6-1.el6_3.i686.rpm
nss-util-3.13.6-1.el6_3.x86_64.rpm
nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.6-1.el6_3.x86_64.rpm
nspr-devel-4.9.2-0.el6_3.1.i686.rpm
nspr-devel-4.9.2-0.el6_3.1.x86_64.rpm
nss-devel-3.13.6-2.el6_3.i686.rpm
nss-devel-3.13.6-2.el6_3.x86_64.rpm
nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm
nss-pkcs11-devel-3.13.6-2.el6_3.x86_64.rpm
nss-util-devel-3.13.6-1.el6_3.i686.rpm
nss-util-devel-3.13.6-1.el6_3.x86_64.rpm
i386
nspr-4.9.2-0.el6_3.1.i686.rpm
nspr-debuginfo-4.9.2-0.el6_3.1.i686.rpm
nss-3.13.6-2.el6_3.i686.rpm
nss-debuginfo-3.13.6-2.el6_3.i686.rpm
nss-sysinit-3.13.6-2.el6_3.i686.rpm
nss-tools-3.13.6-2.el6_3.i686.rpm
nss-util-3.13.6-1.el6_3.i686.rpm
nss-util-debuginfo-3.13.6-1.el6_3.i686.rpm
nspr-devel-4.9.2-0.el6_3.1.i686.rpm
nss-devel-3.13.6-2.el6_3.i686.rpm
nss-pkcs11-devel-3.13.6-2.el6_3.i686.rpm
nss-util-devel-3.13.6-1.el6_3.i686.rpm
- Scientific Linux Development Team