[SECURITY] Fedora 14 Update: nss-3.12.10-7.fc14

updates at fedoraproject.org
Sat Nov 26 23:09:55 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15586
2011-11-10 16:42:28
--------------------------------------------------------------------------------

Name        : nss
Product     : Fedora 14
Version     : 3.12.10
Release     : 7.fc14
URL         : http://www.mozilla.org/projects/security/pki/nss/
Summary     : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

This security update revokes trust in the DigiCert Sdn. Bhd Intermediate
Certificate Authority in NSS - rhbz#751674

It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate
Certificate Authority (CA) issued HTTPS certificates with weak keys. This
update renders any HTTPS certificates signed by that CA untrusted. This
covers all uses of the certificates, including SSL, S/MIME, and code
signing. Note: Digicert Sdn. Bhd. is not the same company as the one found
at digicert.com.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov  8 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.10-7
- Update builtins certs to those from NSSCKBI_1_88_RTM
* Tue Sep  6 2011 Kai Engert <kaie at redhat.com> - 3.12.10-6
- Update builtins certs to those from NSSCKBI_1_87_RTM
* Mon Jun 27 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 3.12.10-5
- Provide virtual -static package to meet guidelines (#609612).
* Fri Jun 10 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.10-4
- Enable pluggable ecc support (#712556)
- Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045)
* Fri May 20 2011 Dennis Gilmore <dennis at ausil.us> - 3.12.10-3
- make the testsuite non fatal on arm arches
* Tue May 17 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.10-2
- Fix crmf hard-coded maximum size for wrapped private keys (#703656)
* Fri May  6 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.10-1
- Update to NSS_3_12_10_RTM
* Wed Apr 27 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.10-0.1.beta1
- Update to NSS_3_12_10_BETA1
* Mon Apr 11 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-15
- Implement PEM logging using NSPR's own (#695011)
- Update the expired PayPalEE test certificate to one good until April 1, 2013
* Fri Mar 25 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-14
- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM
* Thu Feb 24 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-13
- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)
* Fri Feb 18 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-12
- Add a missing requires for pkcs11-devel (#675196)
* Tue Feb 15 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-11
- Run the test suites in the check section (#677809)
* Thu Feb 10 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-10
- Fix cms headers to not use c++ reserved words (#676036)
- Reenabling Bug 499444 patches
- Fix to swap internal key slot on fips mode switches
* Tue Feb  8 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-9
- Revert patches for 499444 until all c++ reserved words are found and extirpated
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.12.9-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Feb  8 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-7
- Fix cms header to not use c++ reserved word (#676036)
- Reenable patches for bug 499444
* Tue Feb  8 2011 Christopher Aillon <caillon at redhat.com> - 3.12.9-6
- Revert patches for 499444 as they use a C++ reserved word and
  cause compilation of Firefox to fail
* Fri Feb  4 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-5
- Fix the earlier infinite recursion patch (#499444)
- Remove a header that now nss-softokn-freebl-devel ships
* Tue Feb  1 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-4
- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)
* Mon Jan 31 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-3
- Update the cacert trust patch per upstream review requests (#633043)
* Wed Jan 19 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-2
- Fix to honor the user's cert trust preferences (#633043)
- Remove obsoleted patch
* Wed Jan 12 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.9-1
- Update to 3.12.9
* Mon Dec 27 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.9-0.1.beta2
- Rebuilt according to fedora pre-release package naming guidelines
* Fri Dec 10 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8.99.2-1
- Update to NSS_3_12_9_BETA2
- Fix libpnsspem crash when cacert dir contains other directories (#642433)
* Wed Dec  8 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8.99.1-1
- Update to NSS_3_12_9_BETA1
* Thu Nov 25 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-9
- Update pem source tar with fixes for 614532 and 596674
- Remove no longer needed patches
* Fri Nov  5 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-8
- Update PayPalEE.cert test certificate which had expired
* Sun Oct 31 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-7
- Tell rpm not to verify md5, size, and modtime of configurations file
* Mon Oct 18 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-6
- Fix certificates trust order (#643134)
- Apply nss-sysinit-userdb-first.patch last
* Wed Oct  6 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-5
- Move triggerpostun -n nss-sysinit script ahead of the other ones (#639248)
* Tue Oct  5 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-4
- Fix invalid %postun scriptlet (#639248)
* Wed Sep 29 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-3
- Replace posttrans sysinit scriptlet with a triggerpostun one (#636787)
- Fix and cleanup the setup-nsssysinit.sh script (#636792, #636801)
* Mon Sep 27 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-2
- Add posttrans scriptlet (#636787)
* Thu Sep 23 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.8-1
- Update to 3.12.8
- Prevent disabling of nss-sysinit on package upgrade (#636787)
- Create pkcs11.txt with correct permissions regardless of umask (#636792) 
- Setup-nsssysinit.sh reports whether nss-sysinit is turned on or off (#636801)
- Added provides pkcs11-devel-static to comply with packaging guidelines (#609612)
* Sat Sep 18 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.7.99.4-1
- NSS 3.12.8 RC0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #751674 - Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority from nss [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=751674
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update nss' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

