SUSE-RU-2020:1708-1: moderate: Recommended update for apache2-mod_nss

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Jun 23 07:13:22 MDT 2020 

   SUSE Recommended Update: Recommended update for apache2-mod_nss
______________________________________________________________________________

Announcement ID:    SUSE-RU-2020:1708-1
Rating:             moderate
References:         #1167322 
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for apache2-mod_nss fixes the following issues:

   - Update from version 1.0.14 to 1.0.17 (jsc#ECO-1907, bsc#1167322)
     * Add TLSv1.3 support
     * Update documentation for TLS 1.3
     * Add TLS 1.3 support to the cipher tests
     * PEP-8 fixups
     * Change the default certificate database format to SQLite.
     * Try to auto-detect the NSS database format if not specified
     * Update nss_pcache.8 man page to drop directory and prefix
     * When a token is configured in password file only authenticate once
     * Return an error when NSSPassPhraseDialog is invalid
     * Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+
     * Add -Werror=implicit-function-declaration to CFLAGS
     * Handle group membership when testing for file permissions
     * NSS system-wide policy now disables SSLv3, don't use it in tests
     * Add missing error messages for libssl errors
     * Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name
     * When including additional test config use specific extension
     * Fix the TLS Session ID cache
     * Make an invalid protocol setting fatal
     * Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init()
     * Add info log message when FIPS is enabled
         * Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types
     * Fix removal of CR from PEM certificates
     * Add OCSP caching and timeout tuning knobs
     * Check the NSS database directory permissions as well as the files
       inside it for read access on startup.
     * Add in simple aliases for ciphers to fix those that don't follow the
       pattern (dhe_rsa_aes_128_sha256, dhe_rsa_aes_256_sha256) and those
       with typos (camelia_128_sha, camelia_256_sha)
     * Don't set remote user in fixup hook


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1708=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1708=1



Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      apache2-mod_nss-1.0.17-19.12.1
      apache2-mod_nss-debuginfo-1.0.17-19.12.1
      apache2-mod_nss-debugsource-1.0.17-19.12.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      apache2-mod_nss-1.0.17-19.12.1
      apache2-mod_nss-debuginfo-1.0.17-19.12.1
      apache2-mod_nss-debugsource-1.0.17-19.12.1


References:

   https://bugzilla.suse.com/1167322

More information about the sle-updates mailing list