Description
It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate
Certificate Authority (CA) issued HTTPS certificates with weak keys. This
update renders any HTTPS certificates signed by that CA as untrusted. This
covers all uses of the certificates, including SSL, S/MIME, and code
signing. This update also fixes the following bug on Red Hat Enterprise Linux 5:
* When using mod_nss with the Apache HTTP Server, a bug in NSS on Red Hat
Enterprise Linux 5 resulted in file descriptors leaking each time the
Apache HTTP Server was restarted with the "service httpd reload" command.
This could have prevented the Apache HTTP Server from functioning properly
if all available file descriptors were consumed. (BZ#743508)
For Red Hat Enterprise Linux 6, these updated packages upgrade NSS to
version 3.12.10. As well, they upgrade NSPR (Netscape Portable Runtime) to
version 4.8.8 and nss-util to version 3.12.10 on Red Hat
Enterprise Linux 6, as required by the NSS update. (BZ#735972, BZ#736272,
BZ#735973)