Recommended update for apache2-mod_nss

Announcement ID:	SUSE-RU-2018:0304-1
Rating:	low
References:	bsc#863035 bsc#993642 bsc#996282 bsc#998176 bsc#998180 bsc#998183
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise Server 11 SP4

An update that has six fixes can now be installed.

Description:

This update for apache2-mod_nss fixes the following issues:

• Change minimum required NSS version to 3.25, as 3.24 breaks mod_nss because of SSLv2 changes. (bsc#993642)
• Rebuild against the recently updated NSS (3.29) adding support for SHA384 TLS ciphers. (bsc#863035)
• Remove deprecated NSSSessionCacheTimeout option from mod_nss.conf.in. (bsc#998176)
• Change the ownership of the gencert generated NSS database so apache can read it. (bsc#998180)
• Fix configuration paths in mod_nss.conf.in to point to correct locations. (bsc#996282)
• Generate dummy certificates if there are none in mod_nss.d. (bsc#998183)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-apache2-mod_nss-13452=1
• SLES for SAP Applications 11-SP4
  zypper in -t patch slessp4-apache2-mod_nss-13452=1

Package List:

• SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • apache2-mod_nss-1.0.14-0.4.26.5.1
• SLES for SAP Applications 11-SP4 (ppc64 x86_64)
  • apache2-mod_nss-1.0.14-0.4.26.5.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=863035
• https://bugzilla.suse.com/show_bug.cgi?id=993642
• https://bugzilla.suse.com/show_bug.cgi?id=996282
• https://bugzilla.suse.com/show_bug.cgi?id=998176
• https://bugzilla.suse.com/show_bug.cgi?id=998180
• https://bugzilla.suse.com/show_bug.cgi?id=998183