Bug 1012656
Summary: | pick up NSS 3.15.2 to (a) fix CVE-2013-1739 (moderate) and (b) to disable MD5 in OCSP/CRL | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Kai Engert (:kaie) (inactive account) <kengert> |
Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Hubert Kario <hkario> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | emaldona, eparis, hkario, huzaifas, ksrot, lmiksik, rrelyea, sforsber |
Target Milestone: | rc | Keywords: | Rebase |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Fixed In Version: | nss-3.15.2-1.el7 | Doc Type: | Rebase: Bug Fixes and Enhancements |
Doc Text: |
Rebase package(s) to version: nss-3.15.2
Highlights, important fixes, or notable enhancements:
A security-relevant bug has been resolved in NSS 3.15.2 (CVE-2013-1739): avoid uninitialized data read in the event of a decryption failure.
Upstream URL: https://bugzilla.mozilla.org/show_bug.cgi?id=894370
MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
|
Last Closed: | 2015-04-17 13:57:23 UTC | Type: | Bug |
Bug Depends On: | 1012678, 1012679 | ||
Description
Kai Engert (:kaie) (inactive account)
2013-09-26 19:59:13 UTC
After discussing on IRC: We'd prefer to rebase RHEL 7 to NSS 3.15.2. This will also require updating the nss-util and nss-softokn packages, which should be trivial?

*** Bug 1012655 has been marked as a duplicate of this bug. ***

If this feature or issue should be documented in the Release or Technical Notes for RHEL 7.0 Beta, please select the correct Doc Type from the drop-down menu and enter a description in Doc Text. For info about the differences between known issues, driver updates, deprecated functionality, release notes and Technology Previews, see:
https://engineering.redhat.com/docs/en-US/Policy/70.ecs/html-single/Describing_Errata_Release_and_Technical_Notes_for_Engineers/index.html#bh-known_issue

If you have questions, please email rhel-notes.