
Mandriva Linux Security Advisory 2014-125
Posted Jun 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-125 - Mozilla Netscape Portable Runtime before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving the sprintf and console functions. The updated nspr packages have been upgraded to the 4.10.6 version which is unaffected by this issue.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1545
MD5 | d365d4f2c0f68de73c6e27c872209d8d

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:125
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nspr
Date : June 13, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in nspr:

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions (CVE-2014-1545).

The updated nspr packages have been upgraded to the 4.10.6 version
which is unaffected by this issue.

Additionally:

* The rootcerts package has been upgraded to the latest version as
of 2014-04-01.

* The nss packages have been upgraded to the latest 3.16.1 version
which resolves various bugs.

* The sqlite3 packages have been upgraded to the 3.7.17 version for
mbs1 as a prerequisite for nss-3.16.1.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
871b7828588ddba14fe5a3fa63353872 mes5/i586/libnspr4-4.10.6-0.1mdvmes5.2.i586.rpm
a2c0b64bc6cd6e64aacf08e403c904be mes5/i586/libnspr-devel-4.10.6-0.1mdvmes5.2.i586.rpm
7e5de8bd72b992637677b8f0e785cd70 mes5/i586/libnss3-3.16.1-0.1mdvmes5.2.i586.rpm
59a76907525859e8c5abb08af67db573 mes5/i586/libnss-devel-3.16.1-0.1mdvmes5.2.i586.rpm
ca78336fa128083dafc47d99a5327d4f mes5/i586/libnss-static-devel-3.16.1-0.1mdvmes5.2.i586.rpm
aa17566d41af3c754cd33c51408542e8 mes5/i586/nss-3.16.1-0.1mdvmes5.2.i586.rpm
8fc865c9d74bb3acb6c39e780c555388 mes5/i586/nss-doc-3.16.1-0.1mdvmes5.2.i586.rpm
2622f5d0951a9e82726f18ac0c870797 mes5/i586/rootcerts-20140401.00-1mdvmes5.2.i586.rpm
a452214d3dbdd48f67e51a0f60d9a0d1 mes5/i586/rootcerts-java-20140401.00-1mdvmes5.2.i586.rpm
2e37cefc0d57e66c496117eef3f8b64e mes5/SRPMS/nspr-4.10.6-0.1mdvmes5.2.src.rpm
d81f1303fee6dda1d9931194434a72cd mes5/SRPMS/nss-3.16.1-0.1mdvmes5.2.src.rpm
1693219abe0845f4b277b5ce0af65864 mes5/SRPMS/rootcerts-20140401.00-1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
fefb6ed175ff09964d4289dd2e35e4e2 mes5/x86_64/lib64nspr4-4.10.6-0.1mdvmes5.2.x86_64.rpm
a742bdf485719a4241232ead1aa58d79 mes5/x86_64/lib64nspr-devel-4.10.6-0.1mdvmes5.2.x86_64.rpm
e6c55cec0b0c593eed088947cedeafcc mes5/x86_64/lib64nss3-3.16.1-0.1mdvmes5.2.x86_64.rpm
e4d27cd845a04e8f20ade562131166bb mes5/x86_64/lib64nss-devel-3.16.1-0.1mdvmes5.2.x86_64.rpm
6aa535f37bb44453f2ffb9e2c6300866 mes5/x86_64/lib64nss-static-devel-3.16.1-0.1mdvmes5.2.x86_64.rpm
85881c197e866031457d0c5e838c7130 mes5/x86_64/nss-3.16.1-0.1mdvmes5.2.x86_64.rpm
daf3b5119cb885652bed0daf79a3b843 mes5/x86_64/nss-doc-3.16.1-0.1mdvmes5.2.x86_64.rpm
22bcfc38fe4353ab329be15779ccbc4f mes5/x86_64/rootcerts-20140401.00-1mdvmes5.2.x86_64.rpm
7f53efea4b3bb272b1bd282aecbbe189 mes5/x86_64/rootcerts-java-20140401.00-1mdvmes5.2.x86_64.rpm
2e37cefc0d57e66c496117eef3f8b64e mes5/SRPMS/nspr-4.10.6-0.1mdvmes5.2.src.rpm
d81f1303fee6dda1d9931194434a72cd mes5/SRPMS/nss-3.16.1-0.1mdvmes5.2.src.rpm
1693219abe0845f4b277b5ce0af65864 mes5/SRPMS/rootcerts-20140401.00-1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
971ca03b751a5b3e6d3afefdc8ebf02b mbs1/x86_64/lemon-3.7.17-1.mbs1.x86_64.rpm
a217173e1ad73f0e3fa53e3fa6f64846 mbs1/x86_64/lib64nspr4-4.10.6-1.mbs1.x86_64.rpm
e2ec066d21ebcbf33610694b484a8dc5 mbs1/x86_64/lib64nspr-devel-4.10.6-1.mbs1.x86_64.rpm
b72f56cea5af20b689605f8608bd4e43 mbs1/x86_64/lib64nss3-3.16.1-1.mbs1.x86_64.rpm
d88bf2c9244bae5bf3eae084d59b2603 mbs1/x86_64/lib64nss-devel-3.16.1-1.mbs1.x86_64.rpm
b0962cfd80a4b2ca46dab9daa6f6a7e0 mbs1/x86_64/lib64nss-static-devel-3.16.1-1.mbs1.x86_64.rpm
0b334598f4f234861b4fbfb6f42467ec mbs1/x86_64/lib64sqlite3_0-3.7.17-1.mbs1.x86_64.rpm
55b279bec9fc53e46212df18367cdea6 mbs1/x86_64/lib64sqlite3-devel-3.7.17-1.mbs1.x86_64.rpm
b21fb9c68187079fb0a14f2d7a5874f2 mbs1/x86_64/lib64sqlite3-static-devel-3.7.17-1.mbs1.x86_64.rpm
725ad41fdbc1c547f2c1283c1c855f1a mbs1/x86_64/nss-3.16.1-1.mbs1.x86_64.rpm
45838333e5000ae1064c93697b67d110 mbs1/x86_64/nss-doc-3.16.1-1.mbs1.noarch.rpm
ef3993eb75903e2da63133926a05bb93 mbs1/x86_64/rootcerts-20140401.00-1.mbs1.x86_64.rpm
8ac879f760d140f51fa7a7b924530d94 mbs1/x86_64/rootcerts-java-20140401.00-1.mbs1.x86_64.rpm
fac1dec8bb96d10acc8562afa5836943 mbs1/x86_64/sqlite3-tcl-3.7.17-1.mbs1.x86_64.rpm
f78b319fc6f6e236c41bb6236f227afe mbs1/x86_64/sqlite3-tools-3.7.17-1.mbs1.x86_64.rpm
65bf32ce4c4bcf079599cd8a87048e22 mbs1/SRPMS/nspr-4.10.6-1.mbs1.src.rpm
5d15ba18cb5a6ce74922f332aff834dc mbs1/SRPMS/nss-3.16.1-1.mbs1.src.rpm
d38697d45661b225754d9cabbb314e3d mbs1/SRPMS/rootcerts-20140401.00-1.mbs1.src.rpm
d0f6f79de5b2fc80fdb420c8131dd73e mbs1/SRPMS/sqlite3-3.7.17-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTmxfpmqjQ0CJFipgRAqKpAKCRDRLgX1XoAjq3M//3sJ1QiTljQgCgzvik
BunG6xas4C6dR9qp4MF9u7I=
=C4xJ
-----END PGP SIGNATURE-----
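
Added example, not part of the Mandriva advisory: a shell check that reports whether an installed nspr library is older than the fixed 4.10.6 release. The package names libnspr4 and lib64nspr4 come from the package list above; the function names and the --check argument are illustrative.

```shell
#!/bin/sh
# Flag nspr builds older than the release the advisory names as fixed.
FIXED_NSPR="4.10.6"

# ver_lt A B: succeed when dotted version A is strictly older than B.
# Components are compared numerically (so 4.9 < 4.10); a missing
# component counts as 0.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # versions are equal
}

# nspr_status VERSION: print VULNERABLE or patched for an upstream version.
nspr_status() {
    if ver_lt "$1" "$FIXED_NSPR"; then echo "VULNERABLE"; else echo "patched"; fi
}

# check_installed: query rpm for the 32-bit and 64-bit library packages.
# Returns 1 if any installed build predates the fix, 2 if rpm is missing.
check_installed() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    rc=0
    for pkg in libnspr4 lib64nspr4; do
        v=$(rpm -q --qf '%{VERSION}\n' "$pkg" 2>/dev/null) || continue
        s=$(nspr_status "$v")
        echo "$pkg $v: $s"
        if [ "$s" = "VULNERABLE" ]; then rc=1; fi
    done
    return $rc
}

# Only touch the rpm database when asked to: sh nspr_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```

The comparison uses only the upstream version field, which matches this advisory because the fixed packages carry 4.10.6 itself rather than a backported patch.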
