lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VYv6f-0002SK-3R@titan.mandriva.com>
Date: Wed, 23 Oct 2013 11:52:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:257 ] nss

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:257
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nss
 Date    : October 23, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in mozilla NSS:
 
 Mozilla Network Security Services (NSS) before 3.15.2 does not ensure
 that data structures are initialized before read operations, which
 allow remote attackers to cause a denial of service or possibly have
 unspecified other impact via vectors that trigger a decryption failure
 (CVE-2013-1739).
 
 The updated mozilla NSS and NSPR packages have been upgraded to the
 latest versions where the CVE-2013-1739 flaw has been fixed in NSS.
 
 The rootcerts packages have been upgraded providing the latest root
 CA certs from mozilla as of 2013/04/11.
 
 The sqlite3 packages for mes5 have been upgraded to the 3.7.17
 version to satisfy the requirements for a future upcoming Firefox 24
 ESR advisory.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 587019df50bb6ef8753566cf2a8cb4de  mes5/i586/lemon-3.7.17-0.1mdvmes5.2.i586.rpm
 82008150781f6d5f23553b162a753c79  mes5/i586/libnspr4-4.10.1-0.1mdvmes5.2.i586.rpm
 9ff3b9941e2fd1dbb0cfa1cd58f09609  mes5/i586/libnspr-devel-4.10.1-0.1mdvmes5.2.i586.rpm
 8a8107bad2958256418cb60c4e8062a5  mes5/i586/libnss3-3.15.2-0.1mdvmes5.2.i586.rpm
 a7b0f150d386cddbdf4ed8af22f40302  mes5/i586/libnss-devel-3.15.2-0.1mdvmes5.2.i586.rpm
 d5a8d29bd68428fba07fdd5f831e34a0  mes5/i586/libnss-static-devel-3.15.2-0.1mdvmes5.2.i586.rpm
 57c7a509496c35f378854cba4948c46e  mes5/i586/libsqlite3_0-3.7.17-0.1mdvmes5.2.i586.rpm
 f02fe8f3d3fb794c2be28b42d3d1089a  mes5/i586/libsqlite3-devel-3.7.17-0.1mdvmes5.2.i586.rpm
 2faafb664205b424d525bedbdc54392a  mes5/i586/libsqlite3-static-devel-3.7.17-0.1mdvmes5.2.i586.rpm
 f2682f1c278247418c666a2a8fefb2c8  mes5/i586/nss-3.15.2-0.1mdvmes5.2.i586.rpm
 fca6f06e016af9ff9e844d37abfb9601  mes5/i586/nss-doc-3.15.2-0.1mdvmes5.2.i586.rpm
 ae326abf0a69ac6ab4bc5ee4550cc19c  mes5/i586/rootcerts-20130411.00-1mdvmes5.2.i586.rpm
 33ddec006b6c5370bd1b693eb5721b06  mes5/i586/rootcerts-java-20130411.00-1mdvmes5.2.i586.rpm
 47601080d70c2a456ca46fd98fa4a8b0  mes5/i586/sqlite3-tcl-3.7.17-0.1mdvmes5.2.i586.rpm
 7b8e73e484857f6ad66a1ba2757e1a25  mes5/i586/sqlite3-tools-3.7.17-0.1mdvmes5.2.i586.rpm 
 384b405ffe3c7ea9bcd7b51aaa6d2835  mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
 e433c4a380791da522b2198de6418328  mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
 f2760a11ee4ce795f7ff3c143db5f32d  mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
 1f361abd2225db81b21a359ccd44cd65  mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 1d98b3083fada8ad644f4c51e2b6aa03  mes5/x86_64/lemon-3.7.17-0.1mdvmes5.2.x86_64.rpm
 7bf3b9072f8f3a6097f1462176962f02  mes5/x86_64/lib64nspr4-4.10.1-0.1mdvmes5.2.x86_64.rpm
 2690833d5e1972b1baa9849dd5a8a96d  mes5/x86_64/lib64nspr-devel-4.10.1-0.1mdvmes5.2.x86_64.rpm
 3715d923c9fb69dee65b5e23363d62b6  mes5/x86_64/lib64nss3-3.15.2-0.1mdvmes5.2.x86_64.rpm
 1c6a20d0612ff100e77ed4bc1f69f15f  mes5/x86_64/lib64nss-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
 f15d15e29c982e314fb3d48c3e1f6b99  mes5/x86_64/lib64nss-static-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
 55fad65e1cdcaf9351375a8ab8728668  mes5/x86_64/lib64sqlite3_0-3.7.17-0.1mdvmes5.2.x86_64.rpm
 a76a8be2ab8412541695bd00b7beea83  mes5/x86_64/lib64sqlite3-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
 e8a235871039b91d399b4608f2fbc8ce  mes5/x86_64/lib64sqlite3-static-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
 2abb704cc2806c97c534feb14c98d419  mes5/x86_64/nss-3.15.2-0.1mdvmes5.2.x86_64.rpm
 70247384c252e09c2033a4651dbe7629  mes5/x86_64/nss-doc-3.15.2-0.1mdvmes5.2.x86_64.rpm
 92530d8a7db00374f6b33ad56a4d5b48  mes5/x86_64/rootcerts-20130411.00-1mdvmes5.2.x86_64.rpm
 5aeed38e9df38304330331a38c92a6e4  mes5/x86_64/rootcerts-java-20130411.00-1mdvmes5.2.x86_64.rpm
 32c192e5eb1e361eb1dfbcd2d73006a1  mes5/x86_64/sqlite3-tcl-3.7.17-0.1mdvmes5.2.x86_64.rpm
 366810425a1fd0cf72264d3a2a5c3b5e  mes5/x86_64/sqlite3-tools-3.7.17-0.1mdvmes5.2.x86_64.rpm 
 384b405ffe3c7ea9bcd7b51aaa6d2835  mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
 e433c4a380791da522b2198de6418328  mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
 f2760a11ee4ce795f7ff3c143db5f32d  mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
 1f361abd2225db81b21a359ccd44cd65  mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 f94509f81408f107c495dbe1a10f7c8d  mbs1/x86_64/lib64nspr4-4.10.1-1.mbs1.x86_64.rpm
 51fe851d5b93eede85715d8141ae386c  mbs1/x86_64/lib64nspr-devel-4.10.1-1.mbs1.x86_64.rpm
 2fc980b35d3b868850f59a557c9d76dd  mbs1/x86_64/lib64nss3-3.15.2-1.mbs1.x86_64.rpm
 48491aff7b534d29c456c83a3efd30f8  mbs1/x86_64/lib64nss-devel-3.15.2-1.mbs1.x86_64.rpm
 365cb054fc0dda3e09c56477f2359166  mbs1/x86_64/lib64nss-static-devel-3.15.2-1.mbs1.x86_64.rpm
 d4942a9a039c245d881641a41fa7639d  mbs1/x86_64/nss-3.15.2-1.mbs1.x86_64.rpm
 30fd49690e3d78fa976b3acc70bd3a61  mbs1/x86_64/nss-doc-3.15.2-1.mbs1.noarch.rpm
 e082d21b5bd53a38be220b4d033b0922  mbs1/x86_64/rootcerts-20130411.00-1.mbs1.x86_64.rpm
 54a1661464b62db879a95b8dc14d4662  mbs1/x86_64/rootcerts-java-20130411.00-1.mbs1.x86_64.rpm 
 d1eb79e5183c02465f20df148da90ed0  mbs1/SRPMS/nspr-4.10.1-1.mbs1.src.rpm
 936ddd455f27b802e42b360440fa7514  mbs1/SRPMS/nss-3.15.2-1.mbs1.src.rpm
 a2c2fe7591e999e8e1354d2dee1c1dbd  mbs1/SRPMS/rootcerts-20130411.00-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSZ3A/mqjQ0CJFipgRAuayAJwOKuFgVWA0AZ2GPFdFHRchHvgvRQCfaxg/
ZYbVRZbcud6QvL0nYKzoPm4=
=EwpK
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ