Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » RHBA-2013:0081-01

Overview

Id RHBA-2013:0081-01
Name Red Hat 2013:0081-01 RHBA nss and nspr bug fix and enhancement update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Recommended Recommended
Language(s)
Operating System(s) Linux 
Released On 07 Jan 2013 12:00:00

RHBA-2013:0081-01

Red Hat 2013:0081-01 RHBA nss and nspr bug fix and enhancement update for RHEL 5 x86

Vendor Name

red_hat

Product

None

Released On

07 Jan 2013 12:00:00

Url

https://rhn.redhat.com/errata/RHBA-2013-0081.html

Description

LSAC(v2)
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. This update fixes the following bugs: * Due to errors in the Netscape Portable Runtime (NSPR) code responsible for thread synchronization, memory corruption sometimes occurred. Consequently, the web server daemon (httpd) sometimes terminated unexpectedly with a segmentation fault after making more than 1023 calls to the NSPR library. With this update, an improvement to the way NSPR frees previously allocated memory has been made and httpd no longer crashes in the scenario described. (BZ#633519) * Some Network Security Services (NSS) clients call NSS without initializing first as mandated by the API and NSS did not protect itself against such improper usage. Consequently, this caused unexpected terminations on shutdown as some variables had not been properly initialized. Such crashes were reported in the messaging daemon (qpidd), included in Red Hat Enterprise MRG, after a recent update to the nss package. This occurred as qpidd made NSS calls before initializing NSS. With this update, NSS now protects itself against potential improper use by client code. As a result, NSS prevents qpidd, and other processes that may call NSS without initializing as mandated by the API, from crashing. (BZ#797939) This update also adds the following enhancement: * The certutil tool was enhanced to support creation of Elliptic Curve (EC) key pairs on Hardware Security Modules. (BZ#820684) All nss and nspr users should upgrade to these updated packages, which fix these bugs and add this enhancement. After installing the update, applications using NSS and NSPR must be restarted for the changes to take effect.

Related Resources

Related Vulnerabilities

None

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:16:08