SUSE-RU-2020:1708-1: moderate: Recommended update for apache2-mod_nss
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Tue Jun 23 07:13:22 MDT 2020
SUSE Recommended Update: Recommended update for apache2-mod_nss
______________________________________________________________________________
Announcement ID: SUSE-RU-2020:1708-1
Rating: moderate
References: #1167322
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for apache2-mod_nss fixes the following issues:
- Update from version 1.0.14 to 1.0.17 (jsc#ECO-1907, bsc#1167322)
* Add TLSv1.3 support
* Update documentation for TLS 1.3
* Add TLS 1.3 support to the cipher tests
* PEP-8 fixups
* Change the default certificate database format to SQLite.
* Try to auto-detect the NSS database format if not specified
* Update nss_pcache.8 man page to drop directory and prefix
* When a token is configured in password file only authenticate once
* Return an error when NSSPassPhraseDialog is invalid
* Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+
* Add -Werror=implicit-function-declaration to CFLAGS
* Handle group membership when testing for file permissions
* NSS system-wide policy now disables SSLv3, don't use it in tests
* Add missing error messages for libssl errors
* Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name
* When including additional test config use specific extension
* Fix the TLS Session ID cache
* Make an invalid protocol setting fatal
* Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init()
* Add info log message when FIPS is enabled
* Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types
* Fix removal of CR from PEM certificates
* Add OCSP caching and timeout tuning knobs
* Check the NSS database directory permissions as well as the files
inside it for read access on startup.
* Add in simple aliases for ciphers to fix those that don't follow the
pattern (dhe_rsa_aes_128_sha256, dhe_rsa_aes_256_sha256) and those
with typos (camelia_128_sha, camelia_256_sha)
* Don't set remote user in fixup hook
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1708=1
- SUSE Linux Enterprise Server 12-SP4:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1708=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
apache2-mod_nss-1.0.17-19.12.1
apache2-mod_nss-debuginfo-1.0.17-19.12.1
apache2-mod_nss-debugsource-1.0.17-19.12.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
apache2-mod_nss-1.0.17-19.12.1
apache2-mod_nss-debuginfo-1.0.17-19.12.1
apache2-mod_nss-debugsource-1.0.17-19.12.1
References:
https://bugzilla.suse.com/1167322
More information about the sle-updates
mailing list