Rapid7 Vulnerability & Exploit Database

RHSA-2011:1444: nss security update


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/09/2011
Created: 07/25/2018
Added: 11/10/2011
Modified: 07/04/2017

Description

Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications.

It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. (BZ#751366)

Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

This update also fixes the following bug on Red Hat Enterprise Linux 5:

For Red Hat Enterprise Linux 6, these updated packages upgrade NSS to version 3.12.10. As well, they upgrade NSPR (Netscape Portable Runtime) to version 4.8.8 and nss-util to version 3.12.10 on Red Hat Enterprise Linux 6, as required by the NSS update. (BZ#735972, BZ#736272, BZ#735973)

All NSS users should upgrade to these updated packages, which correct this issue. After installing the update, applications using NSS must be restarted for the changes to take effect. In addition, on Red Hat Enterprise Linux 6, applications using NSPR and nss-util must also be restarted.

Solution(s)

  • redhat-upgrade-nspr
  • redhat-upgrade-nspr-debuginfo
  • redhat-upgrade-nspr-devel
  • redhat-upgrade-nss
  • redhat-upgrade-nss-debuginfo
  • redhat-upgrade-nss-devel
  • redhat-upgrade-nss-pkcs11-devel
  • redhat-upgrade-nss-sysinit
  • redhat-upgrade-nss-tools
  • redhat-upgrade-nss-util
  • redhat-upgrade-nss-util-debuginfo
  • redhat-upgrade-nss-util-devel
