File _patchinfo of Package patchinfo.3000
<patchinfo incident="3000">
<issue id="975394" tracker="bnc">Enable "exec" option for the NSSPassPhraseDialog directive in mod_nss</issue>
<issue id="972968" tracker="bnc">Apache fails to prompt for a passphrase</issue>
<issue id="979688" tracker="bnc">apache2-mod_nss - version upgrade to 1.0.14 or newer</issue>
<issue id="2015-5244" tracker="cve" />
<issue id="2013-4566" tracker="cve" />
<issue id="2016-3099" tracker="cve" />
<issue id="2014-3566" tracker="cve" />
<issue id="320764" tracker="fate" />
<category>security</category>
<rating>moderate</rating>
<packager>vitezslav_cizek</packager>
<description>
This update provides apache2-mod_nss 1.0.14, which brings several fixes and
enhancements:
- Fix OpenSSL cipher string parsing, which stopped at "+". (CVE-2016-3099)
- Created valgrind suppression files to ease debugging.
- Implement SSL_PPTYPE_FILTER to call executables to get the key password pins.
- Improvements to migrate.pl.
- Update default ciphers to something more modern and secure.
- Check for host and netstat commands in gencert before trying to use them.
- Add server support for DHE ciphers.
- Extract SAN from server/client certificates into env.
- Fix memory leaks and other coding issues caught by clang analyzer.
- Add support for Server Name Indication (SNI).
- Add support for SNI for reverse proxy connections.
- Add RenegBufferSize option.
- Add support for TLS Session Tickets (RFC 5077).
- Fix logical AND support in OpenSSL cipher compatibility.
- Correctly handle disabled ciphers. (CVE-2015-5244)
- Implement a slew more OpenSSL cipher macros.
- Fix a number of illegal memory accesses and memory leaks.
- Support for SHA384 ciphers if they are available in NSS.
- Add compatibility for mod_ssl-style cipher definitions.
- Add TLSv1.2-specific ciphers.
- Completely remove support for SSLv2.
- Add support for sqlite NSS databases.
- Compare subject CN and VS hostname during server start up.
- Add support for enabling TLS v1.2.
- Don't enable SSL 3 by default. (CVE-2014-3566)
- Fix CVE-2013-4566.
- Move nss_pcache to /usr/libexec.
- Support httpd 2.4+.
- Use apache2-systemd-ask-pass to prompt for a certificate passphrase.
(bsc#972968, bsc#975394)
</description>
<summary>Security update for apache2-mod_nss</summary>
</patchinfo>