{"affected":[{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-10.14.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-10.14.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apache2-mod_nss":"1.0.14-10.14.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"apache2-mod_nss","purl":"pkg:rpm/suse/apache2-mod_nss&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.14-10.14.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update provides apache2-mod_nss 1.0.14, which brings several fixes and\nenhancements:\n\n- Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099)\n- Created valgrind suppression files to ease debugging.\n- Implement SSL_PPTYPE_FILTER to call executables to get the key password pins.\n- Improvements to migrate.pl.\n- Update default ciphers to something more modern and secure.\n- Check for host and netstat commands in gencert before trying to use them.\n- Add server support for DHE ciphers.\n- Extract SAN from server/client certificates into env\n- Fix memory leaks and other coding issues caught by clang analyzer.\n- Add support for Server Name Indication (SNI).\n- Add support for SNI for reverse proxy connections.\n- Add RenegBufferSize? option.\n- Add support for TLS Session Tickets (RFC 5077).\n- Fix logical AND support in OpenSSL cipher compatibility.\n- Correctly handle disabled ciphers. (CVE-2015-5244)\n- Implement a slew more OpenSSL cipher macros.\n- Fix a number of illegal memory accesses and memory leaks.\n- Support for SHA384 ciphers if they are available in NSS.\n- Add compatibility for mod_ssl-style cipher definitions.\n- Add TLSv1.2-specific ciphers.\n- Completely remove support for SSLv2.\n- Add support for sqlite NSS databases.\n- Compare subject CN and VS hostname during server start up.\n- Add support for enabling TLS v1.2.\n- Don't enable SSL 3 by default. (CVE-2014-3566)\n- Fix CVE-2013-4566.\n- Move nss_pcache to /usr/libexec.\n- Support httpd 2.4+.\n- SHA256 cipher names change spelling from *_sha256 to *_sha_256.\n- Use apache2-systemd-ask-pass to prompt for a certificate passphrase.\n  (bsc#972968, bsc#975394)\n","id":"SUSE-SU-2016:2396-1","modified":"2016-09-27T13:12:22Z","published":"2016-09-27T13:12:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162396-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/972968"},{"type":"REPORT","url":"https://bugzilla.suse.com/975394"},{"type":"REPORT","url":"https://bugzilla.suse.com/979688"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-4566"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3566"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5244"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3099"}],"related":["CVE-2013-4566","CVE-2014-3566","CVE-2015-5244","CVE-2016-3099"],"summary":"Security update for apache2-mod_nss","upstream":["CVE-2013-4566","CVE-2014-3566","CVE-2015-5244","CVE-2016-3099"]}