Mandriva Linux Security Advisory 2013-257 - Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. The updated Mozilla NSS and NSPR packages have been upgraded to the latest versions where the flaw has been fixed in NSS. The rootcerts packages have been upgraded providing the latest root CA certs from Mozilla as of 2013/04/11. The sqlite3 packages for mes5 have been upgraded to the 3.7.17 version to satisfy the requirements for an upcoming Firefox 24 ESR advisory.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:257
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : nss
Date : October 23, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in Mozilla NSS:
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure
that data structures are initialized before read operations, which
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger a decryption failure
(CVE-2013-1739).
The updated Mozilla NSS and NSPR packages have been upgraded to the
latest versions where the CVE-2013-1739 flaw has been fixed in NSS.
The rootcerts packages have been upgraded providing the latest root
CA certs from Mozilla as of 2013/04/11.
The sqlite3 packages for mes5 have been upgraded to the 3.7.17
version to satisfy the requirements for an upcoming Firefox 24
ESR advisory.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
587019df50bb6ef8753566cf2a8cb4de mes5/i586/lemon-3.7.17-0.1mdvmes5.2.i586.rpm
82008150781f6d5f23553b162a753c79 mes5/i586/libnspr4-4.10.1-0.1mdvmes5.2.i586.rpm
9ff3b9941e2fd1dbb0cfa1cd58f09609 mes5/i586/libnspr-devel-4.10.1-0.1mdvmes5.2.i586.rpm
8a8107bad2958256418cb60c4e8062a5 mes5/i586/libnss3-3.15.2-0.1mdvmes5.2.i586.rpm
a7b0f150d386cddbdf4ed8af22f40302 mes5/i586/libnss-devel-3.15.2-0.1mdvmes5.2.i586.rpm
d5a8d29bd68428fba07fdd5f831e34a0 mes5/i586/libnss-static-devel-3.15.2-0.1mdvmes5.2.i586.rpm
57c7a509496c35f378854cba4948c46e mes5/i586/libsqlite3_0-3.7.17-0.1mdvmes5.2.i586.rpm
f02fe8f3d3fb794c2be28b42d3d1089a mes5/i586/libsqlite3-devel-3.7.17-0.1mdvmes5.2.i586.rpm
2faafb664205b424d525bedbdc54392a mes5/i586/libsqlite3-static-devel-3.7.17-0.1mdvmes5.2.i586.rpm
f2682f1c278247418c666a2a8fefb2c8 mes5/i586/nss-3.15.2-0.1mdvmes5.2.i586.rpm
fca6f06e016af9ff9e844d37abfb9601 mes5/i586/nss-doc-3.15.2-0.1mdvmes5.2.i586.rpm
ae326abf0a69ac6ab4bc5ee4550cc19c mes5/i586/rootcerts-20130411.00-1mdvmes5.2.i586.rpm
33ddec006b6c5370bd1b693eb5721b06 mes5/i586/rootcerts-java-20130411.00-1mdvmes5.2.i586.rpm
47601080d70c2a456ca46fd98fa4a8b0 mes5/i586/sqlite3-tcl-3.7.17-0.1mdvmes5.2.i586.rpm
7b8e73e484857f6ad66a1ba2757e1a25 mes5/i586/sqlite3-tools-3.7.17-0.1mdvmes5.2.i586.rpm
384b405ffe3c7ea9bcd7b51aaa6d2835 mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
e433c4a380791da522b2198de6418328 mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
f2760a11ee4ce795f7ff3c143db5f32d mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
1f361abd2225db81b21a359ccd44cd65 mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
1d98b3083fada8ad644f4c51e2b6aa03 mes5/x86_64/lemon-3.7.17-0.1mdvmes5.2.x86_64.rpm
7bf3b9072f8f3a6097f1462176962f02 mes5/x86_64/lib64nspr4-4.10.1-0.1mdvmes5.2.x86_64.rpm
2690833d5e1972b1baa9849dd5a8a96d mes5/x86_64/lib64nspr-devel-4.10.1-0.1mdvmes5.2.x86_64.rpm
3715d923c9fb69dee65b5e23363d62b6 mes5/x86_64/lib64nss3-3.15.2-0.1mdvmes5.2.x86_64.rpm
1c6a20d0612ff100e77ed4bc1f69f15f mes5/x86_64/lib64nss-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
f15d15e29c982e314fb3d48c3e1f6b99 mes5/x86_64/lib64nss-static-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
55fad65e1cdcaf9351375a8ab8728668 mes5/x86_64/lib64sqlite3_0-3.7.17-0.1mdvmes5.2.x86_64.rpm
a76a8be2ab8412541695bd00b7beea83 mes5/x86_64/lib64sqlite3-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
e8a235871039b91d399b4608f2fbc8ce mes5/x86_64/lib64sqlite3-static-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
2abb704cc2806c97c534feb14c98d419 mes5/x86_64/nss-3.15.2-0.1mdvmes5.2.x86_64.rpm
70247384c252e09c2033a4651dbe7629 mes5/x86_64/nss-doc-3.15.2-0.1mdvmes5.2.x86_64.rpm
92530d8a7db00374f6b33ad56a4d5b48 mes5/x86_64/rootcerts-20130411.00-1mdvmes5.2.x86_64.rpm
5aeed38e9df38304330331a38c92a6e4 mes5/x86_64/rootcerts-java-20130411.00-1mdvmes5.2.x86_64.rpm
32c192e5eb1e361eb1dfbcd2d73006a1 mes5/x86_64/sqlite3-tcl-3.7.17-0.1mdvmes5.2.x86_64.rpm
366810425a1fd0cf72264d3a2a5c3b5e mes5/x86_64/sqlite3-tools-3.7.17-0.1mdvmes5.2.x86_64.rpm
384b405ffe3c7ea9bcd7b51aaa6d2835 mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
e433c4a380791da522b2198de6418328 mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
f2760a11ee4ce795f7ff3c143db5f32d mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
1f361abd2225db81b21a359ccd44cd65 mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
f94509f81408f107c495dbe1a10f7c8d mbs1/x86_64/lib64nspr4-4.10.1-1.mbs1.x86_64.rpm
51fe851d5b93eede85715d8141ae386c mbs1/x86_64/lib64nspr-devel-4.10.1-1.mbs1.x86_64.rpm
2fc980b35d3b868850f59a557c9d76dd mbs1/x86_64/lib64nss3-3.15.2-1.mbs1.x86_64.rpm
48491aff7b534d29c456c83a3efd30f8 mbs1/x86_64/lib64nss-devel-3.15.2-1.mbs1.x86_64.rpm
365cb054fc0dda3e09c56477f2359166 mbs1/x86_64/lib64nss-static-devel-3.15.2-1.mbs1.x86_64.rpm
d4942a9a039c245d881641a41fa7639d mbs1/x86_64/nss-3.15.2-1.mbs1.x86_64.rpm
30fd49690e3d78fa976b3acc70bd3a61 mbs1/x86_64/nss-doc-3.15.2-1.mbs1.noarch.rpm
e082d21b5bd53a38be220b4d033b0922 mbs1/x86_64/rootcerts-20130411.00-1.mbs1.x86_64.rpm
54a1661464b62db879a95b8dc14d4662 mbs1/x86_64/rootcerts-java-20130411.00-1.mbs1.x86_64.rpm
d1eb79e5183c02465f20df148da90ed0 mbs1/SRPMS/nspr-4.10.1-1.mbs1.src.rpm
936ddd455f27b802e42b360440fa7514 mbs1/SRPMS/nss-3.15.2-1.mbs1.src.rpm
a2c2fe7591e999e8e1354d2dee1c1dbd mbs1/SRPMS/rootcerts-20130411.00-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSZ3A/mqjQ0CJFipgRAuayAJwOKuFgVWA0AZ2GPFdFHRchHvgvRQCfaxg/
ZYbVRZbcud6QvL0nYKzoPm4=
=EwpK
-----END PGP SIGNATURE-----
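A host check for the fix described in the advisory, added here as an example and not part of Mandriva's advisory or tooling: it compares installed NSS and NSPR packages against the version-release strings in the "Updated Packages" list. It assumes input in the form printed by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the function names, the `mes5`/`mbs1` keys and the sample inventory are constructed, and the comparison is a simplified form of RPM's segment ordering (no epoch or tilde handling).

```python
import re

# Version-release strings taken from the advisory's "Updated Packages" list.
FIXED = {
    "mes5": {"nss": "3.15.2-0.1mdvmes5.2", "libnss3": "3.15.2-0.1mdvmes5.2",
             "lib64nss3": "3.15.2-0.1mdvmes5.2",
             "libnspr4": "4.10.1-0.1mdvmes5.2",
             "lib64nspr4": "4.10.1-0.1mdvmes5.2"},
    "mbs1": {"nss": "3.15.2-1.mbs1", "lib64nss3": "3.15.2-1.mbs1",
             "lib64nspr4": "4.10.1-1.mbs1"},
}

# Constructed inventory for a Business Server 1 host (not real host data).
SAMPLE_MBS1 = """\
lib64nss3 3.14.3-1.mbs1
lib64nspr4 4.10.1-1.mbs1
nss 3.15.2-1.mbs1
bash 4.2-11.mbs1
"""

def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # separators are ignored
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)           # 9 < 15, not "9" > "15"
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_lines, product):
    """Return (name, installed, fixed) for packages older than the advisory's."""
    fixed = FIXED[product]
    findings = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in fixed:
            name, installed = parts
            if evr_cmp(installed, fixed[name]) < 0:
                findings.append((name, installed, fixed[name]))
    return findings
```

An empty result means every listed NSS and NSPR package is at or above the advisory's version; packages that are not installed are simply not reported.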