Synopsis: Low: mod_nss security, bug fix, and enhancement update Advisory ID: SLSA-2016:2602-2 Issue Date: 2016-11-03 CVE Numbers: CVE-2016-3099 -- The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). Security Fix(es): * A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) This issue was discovered by Rob Crittenden (Red Hat). Additional Changes: -- SL7 x86_64 mod_nss-1.0.14-7.el7.x86_64.rpm mod_nss-debuginfo-1.0.14-7.el7.x86_64.rpm - Scientific Linux Development Team