Solution
Please Install the Updated Packages.
Insight
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
It was found that a Certificate Authority (CA) issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted.
(BZ#798533)
Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
The nspr package has been upgraded to upstream version 4.9, which provides a number of bug fixes and enhancements over the previous version.
(BZ#799193)
The nss-util package has been upgraded to upstream version 3.13.3, which provides a number of bug fixes and enhancements over the previous version.
(BZ#799192)
The nss package has been upgraded to upstream version 3.13.3, which provides numerous bug fixes and enhancements over the previous version. In particular, SSL 2.0 is now disabled by default, support for SHA-224 has been added, PORT_ErrorToString and PORT_ErrorToName now return the error message and symbolic name of an NSS error code, and NSS_GetVersion now returns the NSS version string. (BZ#744070)
These updated nss, nss-util, and nspr packages also provide fixes for the following bugs:
* A PEM module internal function did not clean up memory when detecting a non-existent file name. Consequently, memory leaks in client code occurred.
The code has been improved to deallocate such temporary objects and as a result the reported memory leakage is gone. (BZ#746632)
* Recent changes to NSS re-introduced a problem where applications could not use multiple SSL client certificates in the same process. Therefore, any attempt to run commands that worked with multiple SSL client certificates, such as the "
yum repolist"
command, resulted in a
re-negotiation handshake failure. With this update, a revised patch correcting this problem has been applied to NSS, and using multiple SSL client certificates in the same process is now possible again. (BZ#761086)
* The PEM module did not fully initialize newly constructed objects with function pointers set to NULL. Consequ ...
Description truncated, for more information please check the Reference URL
Affected
nss, nss-util, and nspr on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
References
Updated on 2015-03-25