Updated nss and nspr packages that fix one security issue, various bugs,and add enhancements are now available for Red Hat Enterprise Linux 5.The Red Hat Security Response Team has rated this update as havingimportant security impact. Network Security Services is a set of libraries designed to supportthe cross-platform development of security-enabled client and serverapplications. Netscape Portable Runtime provides platformindependence for non-GUI operating system facilities.It was found that a Certificate Authority mis-issued two intermediatecertificates to customers. These certificates could be used to launchman-in-the-middle attacks. This update renders those certificates asuntrusted. This covers all uses of the certificates, including SSL, S/MIME,and code signing. In addition, the nss package has been upgraded to upstream version 3.13.6,and the nspr package has been upgraded to upstream version 4.9.2. Theseupdates provide a number of bug fixes and enhancements over the previousversions. All NSS and NSPR users should upgrade to these updated packages, whichcorrect these issues and add these enhancements. After installing theupdate, applications using NSS and NSPR must be restarted for the changesto take effect.