-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:257
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nss
 Date    : October 23, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in Mozilla NSS:

 Mozilla Network Security Services (NSS) before 3.15.2 does not ensure
 that data structures are initialized before read operations, which
 allows remote attackers to cause a denial of service or possibly have
 unspecified other impact via vectors that trigger a decryption failure
 (CVE-2013-1739).

 The updated Mozilla NSS and NSPR packages have been upgraded to the
 latest versions, in which the CVE-2013-1739 flaw has been fixed in NSS.

 The rootcerts packages have been upgraded to provide the latest root
 CA certs from Mozilla as of 2013/04/11.

 The sqlite3 packages for mes5 have been upgraded to version 3.7.17
 to satisfy the requirements of an upcoming Firefox 24 ESR advisory.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 Mandriva Enterprise Server 5/X86_64:
 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSZ3A/mqjQ0CJFipgRAuayAJwOKuFgVWA0AZ2GPFdFHRchHvgvRQCfaxg/
ZYbVRZbcud6QvL0nYKzoPm4=
=EwpK
-----END PGP SIGNATURE-----