-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:125
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nspr
Date    : June 13, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in nspr:

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions (CVE-2014-1545).

The updated nspr packages have been upgraded to the 4.10.6 version,
which is unaffected by this issue.

Additionally:

* The rootcerts packages have been upgraded to the latest version as
  of 2014-04-01.
* The nss packages have been upgraded to the latest 3.16.1 version,
  which resolves various bugs.
* The sqlite3 packages have been upgraded to the 3.7.17 version for
  mbs1 as a prerequisite for nss-3.16.1.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTmxfpmqjQ0CJFipgRAqKpAKCRDRLgX1XoAjq3M//3sJ1QiTljQgCgzvik
BunG6xas4C6dR9qp4MF9u7I=
=C4xJ
-----END PGP SIGNATURE-----
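
To audit hosts against the fixed versions this advisory names (nspr 4.10.6, nss 3.16.1), the following is an added example, not part of the Mandriva advisory. It assumes an inventory of "name version" lines such as `rpm -qa --qf '%{NAME} %{VERSION}\n'` produces; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag nspr/nss packages older than the versions shipped by
# MDVSA-2014:125. Requires GNU sort for -V (version ordering).

# Map a package name from the advisory to its fixed upstream version.
fixed_version() {
    case "$1" in
        libnspr4|lib64nspr4) echo "4.10.6" ;;   # CVE-2014-1545 fixed here
        libnss3|lib64nss3|nss) echo "3.16.1" ;; # upgraded alongside nspr
        *) return 1 ;;                          # not covered by this advisory
    esac
}

# Succeeds when $1 is strictly older than $2 in version ordering.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version" lines on stdin; prints one line per outdated package.
audit_packages() {
    while read -r name ver; do
        fixed=$(fixed_version "$name") || continue
        if version_lt "$ver" "$fixed"; then
            echo "OUTDATED $name $ver (fixed in $fixed)"
        fi
    done
    return 0
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
lib64nspr4 4.9.5
lib64nss3 3.16.1
nss 3.15.4
bash 4.2.37
EOF
}

sample_inventory | audit_packages
```

On a real host, replace `sample_inventory` with the `rpm -qa` query; the comparison covers the upstream version only, not the distribution release suffix.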