what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2014-125

Mandriva Linux Security Advisory 2014-125
Posted Jun 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-125 - Mozilla Netscape Portable Runtime before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving the sprintf and console functions. The updated nspr packages have been upgraded to the 4.10.6 version which is unaffected by this issue.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1545
SHA-256 | 920fede0411a1a0bcc21b4e57061b9623745ffea51d8d4553d6c70d950c0a435

Mandriva Linux Security Advisory 2014-125

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:125
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nspr
Date : June 13, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in nspr:

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions (CVE-2014-1545).

The updated nspr packages have been upgraded to the 4.10.6 version
which is unaffected by this issue.

Additionally:

* The rootcerts package have been upgraded to the latest version as
of 2014-04-01.

* The nss packages have been upgraded to the latest 3.16.1 version
which resolves various bugs.

* The sqlite3 packages have been upgraded to the 3.7.17 version for
mbs1 due to an prerequisite to nss-3.16.1.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
871b7828588ddba14fe5a3fa63353872 mes5/i586/libnspr4-4.10.6-0.1mdvmes5.2.i586.rpm
a2c0b64bc6cd6e64aacf08e403c904be mes5/i586/libnspr-devel-4.10.6-0.1mdvmes5.2.i586.rpm
7e5de8bd72b992637677b8f0e785cd70 mes5/i586/libnss3-3.16.1-0.1mdvmes5.2.i586.rpm
59a76907525859e8c5abb08af67db573 mes5/i586/libnss-devel-3.16.1-0.1mdvmes5.2.i586.rpm
ca78336fa128083dafc47d99a5327d4f mes5/i586/libnss-static-devel-3.16.1-0.1mdvmes5.2.i586.rpm
aa17566d41af3c754cd33c51408542e8 mes5/i586/nss-3.16.1-0.1mdvmes5.2.i586.rpm
8fc865c9d74bb3acb6c39e780c555388 mes5/i586/nss-doc-3.16.1-0.1mdvmes5.2.i586.rpm
2622f5d0951a9e82726f18ac0c870797 mes5/i586/rootcerts-20140401.00-1mdvmes5.2.i586.rpm
a452214d3dbdd48f67e51a0f60d9a0d1 mes5/i586/rootcerts-java-20140401.00-1mdvmes5.2.i586.rpm
2e37cefc0d57e66c496117eef3f8b64e mes5/SRPMS/nspr-4.10.6-0.1mdvmes5.2.src.rpm
d81f1303fee6dda1d9931194434a72cd mes5/SRPMS/nss-3.16.1-0.1mdvmes5.2.src.rpm
1693219abe0845f4b277b5ce0af65864 mes5/SRPMS/rootcerts-20140401.00-1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
fefb6ed175ff09964d4289dd2e35e4e2 mes5/x86_64/lib64nspr4-4.10.6-0.1mdvmes5.2.x86_64.rpm
a742bdf485719a4241232ead1aa58d79 mes5/x86_64/lib64nspr-devel-4.10.6-0.1mdvmes5.2.x86_64.rpm
e6c55cec0b0c593eed088947cedeafcc mes5/x86_64/lib64nss3-3.16.1-0.1mdvmes5.2.x86_64.rpm
e4d27cd845a04e8f20ade562131166bb mes5/x86_64/lib64nss-devel-3.16.1-0.1mdvmes5.2.x86_64.rpm
6aa535f37bb44453f2ffb9e2c6300866 mes5/x86_64/lib64nss-static-devel-3.16.1-0.1mdvmes5.2.x86_64.rpm
85881c197e866031457d0c5e838c7130 mes5/x86_64/nss-3.16.1-0.1mdvmes5.2.x86_64.rpm
daf3b5119cb885652bed0daf79a3b843 mes5/x86_64/nss-doc-3.16.1-0.1mdvmes5.2.x86_64.rpm
22bcfc38fe4353ab329be15779ccbc4f mes5/x86_64/rootcerts-20140401.00-1mdvmes5.2.x86_64.rpm
7f53efea4b3bb272b1bd282aecbbe189 mes5/x86_64/rootcerts-java-20140401.00-1mdvmes5.2.x86_64.rpm
2e37cefc0d57e66c496117eef3f8b64e mes5/SRPMS/nspr-4.10.6-0.1mdvmes5.2.src.rpm
d81f1303fee6dda1d9931194434a72cd mes5/SRPMS/nss-3.16.1-0.1mdvmes5.2.src.rpm
1693219abe0845f4b277b5ce0af65864 mes5/SRPMS/rootcerts-20140401.00-1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
971ca03b751a5b3e6d3afefdc8ebf02b mbs1/x86_64/lemon-3.7.17-1.mbs1.x86_64.rpm
a217173e1ad73f0e3fa53e3fa6f64846 mbs1/x86_64/lib64nspr4-4.10.6-1.mbs1.x86_64.rpm
e2ec066d21ebcbf33610694b484a8dc5 mbs1/x86_64/lib64nspr-devel-4.10.6-1.mbs1.x86_64.rpm
b72f56cea5af20b689605f8608bd4e43 mbs1/x86_64/lib64nss3-3.16.1-1.mbs1.x86_64.rpm
d88bf2c9244bae5bf3eae084d59b2603 mbs1/x86_64/lib64nss-devel-3.16.1-1.mbs1.x86_64.rpm
b0962cfd80a4b2ca46dab9daa6f6a7e0 mbs1/x86_64/lib64nss-static-devel-3.16.1-1.mbs1.x86_64.rpm
0b334598f4f234861b4fbfb6f42467ec mbs1/x86_64/lib64sqlite3_0-3.7.17-1.mbs1.x86_64.rpm
55b279bec9fc53e46212df18367cdea6 mbs1/x86_64/lib64sqlite3-devel-3.7.17-1.mbs1.x86_64.rpm
b21fb9c68187079fb0a14f2d7a5874f2 mbs1/x86_64/lib64sqlite3-static-devel-3.7.17-1.mbs1.x86_64.rpm
725ad41fdbc1c547f2c1283c1c855f1a mbs1/x86_64/nss-3.16.1-1.mbs1.x86_64.rpm
45838333e5000ae1064c93697b67d110 mbs1/x86_64/nss-doc-3.16.1-1.mbs1.noarch.rpm
ef3993eb75903e2da63133926a05bb93 mbs1/x86_64/rootcerts-20140401.00-1.mbs1.x86_64.rpm
8ac879f760d140f51fa7a7b924530d94 mbs1/x86_64/rootcerts-java-20140401.00-1.mbs1.x86_64.rpm
fac1dec8bb96d10acc8562afa5836943 mbs1/x86_64/sqlite3-tcl-3.7.17-1.mbs1.x86_64.rpm
f78b319fc6f6e236c41bb6236f227afe mbs1/x86_64/sqlite3-tools-3.7.17-1.mbs1.x86_64.rpm
65bf32ce4c4bcf079599cd8a87048e22 mbs1/SRPMS/nspr-4.10.6-1.mbs1.src.rpm
5d15ba18cb5a6ce74922f332aff834dc mbs1/SRPMS/nss-3.16.1-1.mbs1.src.rpm
d38697d45661b225754d9cabbb314e3d mbs1/SRPMS/rootcerts-20140401.00-1.mbs1.src.rpm
d0f6f79de5b2fc80fdb420c8131dd73e mbs1/SRPMS/sqlite3-3.7.17-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTmxfpmqjQ0CJFipgRAqKpAKCRDRLgX1XoAjq3M//3sJ1QiTljQgCgzvik
BunG6xas4C6dR9qp4MF9u7I=
=C4xJ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close