Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » RHSA-2013:0214-01

Overview

Id RHSA-2013:0214-01
Name Red Hat 2013:0214-01 RHSA Important: nss and nspr security, bug fix, and enhancement update for RHEL 5 x86_64
Vendor Name red_hat
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 31 Jan 2013 12:00:00

RHSA-2013:0214-01

Red Hat 2013:0214-01 RHSA Important: nss and nspr security, bug fix, and enhancement update for RHEL 5 x86_64

Vendor Name

red_hat

Product

None

Released On

31 Jan 2013 12:00:00

Url

https://rhn.redhat.com/errata/RHSA-2013-0214.html

Description

LSAC(v2)
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. (BZ#890605) In addition, the nss package has been upgraded to upstream version 3.13.6, and the nspr package has been upgraded to upstream version 4.9.2. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#893371, BZ#893372) All NSS and NSPR users should upgrade to these updated packages, which correct these issues and add these enhancements. After installing the update, applications using NSS and NSPR must be restarted for the changes to take effect.

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:16:27