suse-su-2016:2329-1
Vulnerability from csaf_suse
Published
2016-09-16 15:19
Modified
2016-09-16 15:19
Summary
Security update for apache2-mod_nss
Notes
Title of the patch
Security update for apache2-mod_nss
Description of the patch
This update provides apache2-mod_nss 1.0.14, which brings several fixes and
enhancements:
- SHA256 cipher names change spelling from *_sha256 to *_sha_256.
- Drop mod_nss_migrate.pl and use upstream migrate script instead.
- Check for Apache user owner/group read permissions of NSS database at startup.
- Update default ciphers to something more modern and secure.
- Check for host and netstat commands in gencert before trying to use them.
- Don't ignore NSSProtocol when NSSFIPS is enabled.
- Use proper shell syntax to avoid creating /0 in gencert.
- Add server support for DHE ciphers.
- Extract SAN from server/client certificates into env.
- Fix memory leaks and other coding issues caught by clang analyzer.
- Add support for Server Name Indication (SNI)
- Add support for SNI for reverse proxy connections.
- Add RenegBufferSize? option.
- Add support for TLS Session Tickets (RFC 5077).
- Implement a slew more OpenSSL cipher macros.
- Fix a number of illegal memory accesses and memory leaks.
- Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against.
- Add the SECURE_RENEG environment variable.
- Add some hints when NSS database cannot be initialized.
- Code cleanup including trailing whitespace and compiler warnings.
- Modernize autotools configuration slightly, add config.h.
- Add small test suite for SNI.
- Add compatibility for mod_ssl-style cipher definitions.
- Add Camelia ciphers.
- Remove Fortezza ciphers.
- Add TLSv1.2-specific ciphers.
- Initialize cipher list when re-negotiating handshake.
- Completely remove support for SSLv2.
- Add support for sqlite NSS databases.
- Compare subject CN and VS hostname during server start up.
- Add support for enabling TLS v1.2.
- Don't enable SSL 3 by default. (CVE-2014-3566)
- Improve protocol testing.
- Add nss_pcache man page.
- Fix argument handling in nss_pcache.
- Support httpd 2.4+.
- Allow users to configure a helper to ask for certificate passphrases via
NSSPassPhraseDialog. (bsc#975394)
Patchnames
sleclo50sp3-apache2-mod_nss-12751,sleman21-apache2-mod_nss-12751,slemap21-apache2-mod_nss-12751,sleposp3-apache2-mod_nss-12751,slessp2-apache2-mod_nss-12751,slessp3-apache2-mod_nss-12751,slessp4-apache2-mod_nss-12751
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for apache2-mod_nss", "title": "Title of the patch" }, { "category": "description", "text": "\nThis update provides apache2-mod_nss 1.0.14, which brings several fixes and\nenhancements:\n\n- SHA256 cipher names change spelling from *_sha256 to *_sha_256.\n- Drop mod_nss_migrate.pl and use upstream migrate script instead.\n- Check for Apache user owner/group read permissions of NSS database at startup.\n- Update default ciphers to something more modern and secure.\n- Check for host and netstat commands in gencert before trying to use them.\n- Don\u0027t ignore NSSProtocol when NSSFIPS is enabled.\n- Use proper shell syntax to avoid creating /0 in gencert.\n- Add server support for DHE ciphers.\n- Extract SAN from server/client certificates into env.\n- Fix memory leaks and other coding issues caught by clang analyzer.\n- Add support for Server Name Indication (SNI)\n- Add support for SNI for reverse proxy connections.\n- Add RenegBufferSize? option.\n- Add support for TLS Session Tickets (RFC 5077).\n- Implement a slew more OpenSSL cipher macros.\n- Fix a number of illegal memory accesses and memory leaks.\n- Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against.\n- Add the SECURE_RENEG environment variable.\n- Add some hints when NSS database cannot be initialized.\n- Code cleanup including trailing whitespace and compiler warnings.\n- Modernize autotools configuration slightly, add config.h.\n- Add small test suite for SNI.\n- Add compatibility for mod_ssl-style cipher definitions.\n- Add Camelia ciphers.\n- Remove Fortezza ciphers.\n- Add TLSv1.2-specific ciphers.\n- Initialize cipher list when re-negotiating handshake.\n- Completely remove support for SSLv2.\n- Add support for sqlite NSS databases.\n- Compare subject CN and VS hostname during server start up.\n- Add support for enabling TLS v1.2.\n- Don\u0027t enable SSL 3 by default. (CVE-2014-3566)\n- Improve protocol testing.\n- Add nss_pcache man page.\n- Fix argument handling in nss_pcache.\n- Support httpd 2.4+.\n- Allow users to configure a helper to ask for certificate passphrases via\n NSSPassPhraseDialog. (bsc#975394)\n", "title": "Description of the patch" }, { "category": "details", "text": "sleclo50sp3-apache2-mod_nss-12751,sleman21-apache2-mod_nss-12751,slemap21-apache2-mod_nss-12751,sleposp3-apache2-mod_nss-12751,slessp2-apache2-mod_nss-12751,slessp3-apache2-mod_nss-12751,slessp4-apache2-mod_nss-12751", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2329-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:2329-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162329-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:2329-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002277.html" }, { "category": "self", "summary": "SUSE Bug 975394", "url": "https://bugzilla.suse.com/975394" }, { "category": "self", "summary": "SUSE Bug 979688", "url": "https://bugzilla.suse.com/979688" }, { "category": "self", "summary": "SUSE CVE CVE-2013-4566 page", "url": "https://www.suse.com/security/cve/CVE-2013-4566/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-3566 page", "url": "https://www.suse.com/security/cve/CVE-2014-3566/" } ], "title": "Security update for apache2-mod_nss", "tracking": { "current_release_date": "2016-09-16T15:19:20Z", "generator": { "date": "2016-09-16T15:19:20Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:2329-1", "initial_release_date": "2016-09-16T15:19:20Z", "revision_history": [ { "date": "2016-09-16T15:19:20Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "product": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "product_id": "apache2-mod_nss-1.0.14-0.4.25.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "apache2-mod_nss-1.0.14-0.4.25.1.ia64", "product": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.ia64", "product_id": "apache2-mod_nss-1.0.14-0.4.25.1.ia64" } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "product": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "product_id": "apache2-mod_nss-1.0.14-0.4.25.1.ppc64" } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "product": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "product_id": "apache2-mod_nss-1.0.14-0.4.25.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "product": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "product_id": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE OpenStack Cloud 5", "product": { "name": "SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5", "product_identification_helper": { "cpe": "cpe:/o:suse:cloud:5" } } }, { "category": "product_name", "name": "SUSE Manager 2.1", "product": { "name": "SUSE Manager 2.1", "product_id": "SUSE Manager 2.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-server:2.1" } } }, { "category": "product_name", "name": "SUSE Manager Proxy 2.1", "product": { "name": "SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-proxy:2.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Point of Sale 11 SP3", "product": { "name": "SUSE Linux Enterprise Point of Sale 11 SP3", "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-pos:11:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:11:sp3:teradata" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4", "product": { "name": "SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 5" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.s390x" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3", "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_nss-1.0.14-0.4.25.1.i586" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.i586" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.s390x" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" }, "product_reference": "apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4566", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-4566" } ], "notes": [ { "category": "general", "text": "mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager Proxy 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE OpenStack Cloud 5:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2013-4566", "url": "https://www.suse.com/security/cve/CVE-2013-4566" }, { "category": "external", "summary": "SUSE Bug 853039 for CVE-2013-4566", "url": "https://bugzilla.suse.com/853039" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager Proxy 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE OpenStack Cloud 5:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-09-16T15:19:20Z", "details": "moderate" } ], "title": "CVE-2013-4566" }, { "cve": "CVE-2014-3566", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-3566" } ], "notes": [ { "category": "general", "text": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager Proxy 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE OpenStack Cloud 5:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-3566", "url": "https://www.suse.com/security/cve/CVE-2014-3566" }, { "category": "external", "summary": "SUSE Bug 1011293 for CVE-2014-3566", "url": "https://bugzilla.suse.com/1011293" }, { "category": "external", "summary": "SUSE Bug 1031023 for CVE-2014-3566", "url": "https://bugzilla.suse.com/1031023" }, { "category": "external", "summary": "SUSE Bug 901223 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901223" }, { "category": "external", "summary": "SUSE Bug 901254 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901254" }, { "category": "external", "summary": "SUSE Bug 901277 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901277" }, { "category": "external", "summary": "SUSE Bug 901748 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901748" }, { "category": "external", "summary": "SUSE Bug 901757 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901757" }, { "category": "external", "summary": "SUSE Bug 901759 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901759" }, { "category": "external", "summary": "SUSE Bug 901889 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901889" }, { "category": "external", "summary": "SUSE Bug 901968 for CVE-2014-3566", "url": "https://bugzilla.suse.com/901968" }, { "category": "external", "summary": "SUSE Bug 902229 for CVE-2014-3566", "url": "https://bugzilla.suse.com/902229" }, { "category": "external", "summary": "SUSE Bug 902233 for CVE-2014-3566", "url": "https://bugzilla.suse.com/902233" }, { "category": "external", "summary": "SUSE Bug 902476 for CVE-2014-3566", "url": "https://bugzilla.suse.com/902476" }, { "category": "external", "summary": "SUSE Bug 903405 for CVE-2014-3566", "url": "https://bugzilla.suse.com/903405" }, { "category": "external", "summary": "SUSE Bug 903684 for CVE-2014-3566", "url": "https://bugzilla.suse.com/903684" }, { "category": "external", "summary": "SUSE Bug 904889 for CVE-2014-3566", "url": "https://bugzilla.suse.com/904889" }, { "category": "external", "summary": "SUSE Bug 905106 for CVE-2014-3566", "url": "https://bugzilla.suse.com/905106" }, { "category": "external", "summary": "SUSE Bug 914041 for CVE-2014-3566", "url": "https://bugzilla.suse.com/914041" }, { "category": "external", "summary": "SUSE Bug 994144 for CVE-2014-3566", "url": "https://bugzilla.suse.com/994144" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager Proxy 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE OpenStack Cloud 5:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Point of Sale 11 SP3:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.s390x", "SUSE Manager 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE Manager Proxy 2.1:apache2-mod_nss-1.0.14-0.4.25.1.x86_64", "SUSE OpenStack Cloud 5:apache2-mod_nss-1.0.14-0.4.25.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-09-16T15:19:20Z", "details": "critical" } ], "title": "CVE-2014-3566" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…