Recommended update for apache2-mod_nss
| Announcement ID: | SUSE-RU-2020:1708-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Affected Products: |
|
An update that contains one feature and has one fix can now be installed.
Description:
This update for apache2-mod_nss fixes the following issues:
- Update from version 1.0.14 to 1.0.17 (jsc#ECO-1907, bsc#1167322)
- Add TLSv1.3 support
- Update documentation for TLS 1.3
- Add TLS 1.3 support to the cipher tests
- PEP-8 fixups
- Change the default certificate database format to SQLite.
- Try to auto-detect the NSS database format if not specified
- Update nss_pcache.8 man page to drop directory and prefix
- When a token is configured in password file only authenticate once
- Return an error when NSSPassPhraseDialog is invalid
- Move 3DES ciphers down from HIGH to MEDIUM to match OpenSSL 1.0.2k+
- Add -Werror=implicit-function-declaration to CFLAGS
- Handle group membership when testing for file permissions
- NSS system-wide policy now disables SSLv3, don't use it in tests
- Add missing error messages for libssl errors
- Fix doc typo in SSL_[SERVER|CLIENT]_SAN_IPaddr env variable name
- When including additional test config use specific extension
- Fix the TLS Session ID cache
- Make an invalid protocol setting fatal
- Don't use same NSS db in nss_pcache as mod_nss, use NSS_NoDB_Init()
- Add info log message when FIPS is enabled
- Add AES-256 and drop DES, CAST128, SKIPJACK as wrapping key types
- Fix removal of CR from PEM certificates
- Add OCSP caching and timeout tuning knobs
- Check the NSS database directory permissions as well as the files inside it for read access on startup.
- Add in simple aliases for ciphers to fix those that don't follow the pattern (dhe_rsa_aes_128_sha256, dhe_rsa_aes_256_sha256) and those with typos (camelia_128_sha, camelia_256_sha)
- Don't set remote user in fixup hook
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise High Performance Computing 12 SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1708=1 -
SUSE Linux Enterprise Server 12 SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1708=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1708=1 -
SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1708=1 -
SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1708=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1708=1
Package List:
-
SUSE Linux Enterprise High Performance Computing 12 SP4 (aarch64 x86_64)
- apache2-mod_nss-1.0.17-19.12.1
- apache2-mod_nss-debuginfo-1.0.17-19.12.1
- apache2-mod_nss-debugsource-1.0.17-19.12.1
-
SUSE Linux Enterprise Server 12 SP4 (aarch64 ppc64le s390x x86_64)
- apache2-mod_nss-1.0.17-19.12.1
- apache2-mod_nss-debuginfo-1.0.17-19.12.1
- apache2-mod_nss-debugsource-1.0.17-19.12.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
- apache2-mod_nss-1.0.17-19.12.1
- apache2-mod_nss-debuginfo-1.0.17-19.12.1
- apache2-mod_nss-debugsource-1.0.17-19.12.1
-
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
- apache2-mod_nss-1.0.17-19.12.1
- apache2-mod_nss-debuginfo-1.0.17-19.12.1
- apache2-mod_nss-debugsource-1.0.17-19.12.1
-
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
- apache2-mod_nss-1.0.17-19.12.1
- apache2-mod_nss-debuginfo-1.0.17-19.12.1
- apache2-mod_nss-debugsource-1.0.17-19.12.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
- apache2-mod_nss-1.0.17-19.12.1
- apache2-mod_nss-debuginfo-1.0.17-19.12.1
- apache2-mod_nss-debugsource-1.0.17-19.12.1