Message-Id: <E1WvWHd-0000jb-2U@titan.mandriva.com>
Date: Fri, 13 Jun 2014 20:33:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:125 ] nspr

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:125
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nspr
 Date    : June 13, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in nspr:
 
 Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
 attackers to execute arbitrary code or cause a denial of service
 (out-of-bounds write) via vectors involving the sprintf and console
 functions (CVE-2014-1545).
 
 The updated nspr packages have been upgraded to the 4.10.6 version
 which is unaffected by this issue.
 
 Additionally:
 
 * The rootcerts package has been upgraded to the latest version as
 of 2014-04-01.
 
 * The nss packages have been upgraded to the latest 3.16.1 version
 which resolves various bugs.
 
 * The sqlite3 packages have been upgraded to the 3.7.17 version for
 mbs1 as a prerequisite for nss-3.16.1.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
 http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTmxfpmqjQ0CJFipgRAqKpAKCRDRLgX1XoAjq3M//3sJ1QiTljQgCgzvik
BunG6xas4C6dR9qp4MF9u7I=
=C4xJ
-----END PGP SIGNATURE-----
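
An added example, not part of the signed advisory or Mandriva's tooling: a small shell audit that flags installed packages older than the fixed versions the advisory names (nspr 4.10.6, nss 3.16.1, sqlite3 3.7.17). The package names matched, the "NAME VERSION" input format and the sample inventory are assumptions; versions are assumed to be dotted numbers.

```shell
#!/bin/sh
# Added example: flag packages older than the versions fixed in MDVSA-2014:125.

# ver_lt A B: succeed if dotted numeric version A is strictly older than B.
# Components are compared as numbers, so 4.9 is older than 4.10.6.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0} y=${y:-0}          # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # equal versions are not "older"
}

# fixed_for NAME: print the fixed version for a package, or nothing.
# Package names are assumptions, not taken from a live system.
fixed_for() {
    case $1 in
        libnspr4|lib64nspr4)   echo 4.10.6 ;;  # CVE-2014-1545 fix
        libnss3|lib64nss3|nss) echo 3.16.1 ;;
        lib64sqlite3_0)        echo 3.7.17 ;;  # mbs1 prerequisite for nss
    esac
}

# audit: read "NAME VERSION" lines on stdin and print "NAME VERSION < FIXED"
# for every package still below the fixed version.
audit() {
    while read -r name ver; do
        fixed=$(fixed_for "$name")
        [ -n "$fixed" ] || continue
        if ver_lt "$ver" "$fixed"; then
            echo "$name $ver < $fixed"
        fi
    done
}

# Constructed sample inventory (not from a real host).
sample_inventory() {
    printf '%s\n' 'lib64nspr4 4.10.2' 'lib64nss3 3.16.1' \
                  'lib64sqlite3_0 3.7.13' 'bash 4.2'
}

sample_inventory | audit
```

On a real host the inventory can come from `rpm -qa --qf '%{NAME} %{VERSION}\n' | audit`; an empty result means none of the matched packages is below the fixed versions.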
