Bug 3572 - [UPDATE REQUEST] [UPSTREAM UPDATE] mod_nss
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
Reported: 2014-01-13 15:04 MSK by Andrew Lukoshko
Modified: 2014-01-20 15:17 MSK
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Description Andrew Lukoshko 2014-01-13 15:04:15 MSK
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. (CVE-2013-4566)

https://rhn.redhat.com/errata/RHSA-2013-1779.html

https://abf.rosalinux.ru/build_lists/1513298
https://abf.rosalinux.ru/build_lists/1513299
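
The configuration pattern described above (no client certificate required for the initial connection, `NSSVerifyClient require` only inside a per-directory section) can be located in existing configs with a small audit script. This is an added example, not part of the bug report or of mod_nss; the sample config, its host and paths are constructed, and the script assumes an absent server-level directive means `none`.

```python
import re

# Constructed sample configuration; host, port and paths are placeholders.
SAMPLE_CONF = """\
<VirtualHost _default_:8443>
    NSSEngine on
    NSSVerifyClient none
    <Directory "/var/www/html/private">
        NSSVerifyClient require
    </Directory>
</VirtualHost>
"""

OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\w+>")
VERIFY = re.compile(r"NSSVerifyClient\s+(\S+)", re.I)
PER_DIR = {"directory", "directorymatch", "location", "locationmatch"}

def audit(conf_text):
    """Return (vhost, path, initial_setting) for each per-directory
    'require' that sits under a server-level setting other than 'require'."""
    stack, server_level, per_dir = [], {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append((m.group(1).lower(), m.group(2).strip().strip('"')))
        elif (m := VERIFY.match(line)):
            vhost = next((a for n, a in stack if n == "virtualhost"), None)
            inner = next((s for s in reversed(stack) if s[0] in PER_DIR), None)
            value = m.group(1).lower()
            if inner:
                per_dir.append((vhost, inner[1], value))
            else:
                server_level[vhost] = value
    findings = []
    for vhost, path, value in per_dir:
        # Assumption: an absent server-level directive means "none".
        initial = server_level.get(vhost, server_level.get(None, "none"))
        if value == "require" and initial != "require":
            findings.append((vhost, path, initial))
    return findings

if __name__ == "__main__":
    for vhost, path, initial in audit(SAMPLE_CONF):
        print(f"{vhost}: {path} requires a client certificate, initial connection uses '{initial}'")
```

Each finding is a directory whose access control depends on the per-directory enforcement that the advisory says was not applied, so hosts with findings are the ones to prioritise for the updated package.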
Comment 1 Vladimir Potapov 2014-01-14 13:14:15 MSK
mod_nss-1.0.8-19.res6
************************ RHEL Advisory ************************
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. (CVE-2013-4566)
****************************************************************
QA Verified