SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1256-2
Rating:             critical
References:         #726096 #728520
Cross-References:   CVE-2011-2372 CVE-2011-2996 CVE-2011-2998
                    CVE-2011-2999 CVE-2011-3000 CVE-2011-3001
                    CVE-2011-3647 CVE-2011-3648 CVE-2011-3649
                    CVE-2011-3650 CVE-2011-3651 CVE-2011-3653
                    CVE-2011-3655
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available. It includes one version update.

Description:

This update to version 3.13.1 of mozilla-nss fixes the following issues:

* Explicitly distrust DigiCert Sdn. Bhd (bmo#698753)
* Better SHA-224 support (bmo#647706)
* Fix a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228)
* SSL 2.0 is disabled by default
* A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) has been enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.
* Support SHA-224
* Add PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code
* Add NSS_GetVersion to return the NSS version string
* Add experimental support of RSA-PSS to the softoken only
* NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052)

Security Issues:

* CVE-2011-3648 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648>
* CVE-2011-3000 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000>
* CVE-2011-3001 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001>
* CVE-2011-3647 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647>
* CVE-2011-2372 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372>
* CVE-2011-2999 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999>
* CVE-2011-3650 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650>
* CVE-2011-2998 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998>
* CVE-2011-2996 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996>
* CVE-2011-3655 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655>
* CVE-2011-3653 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653>
* CVE-2011-3649 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649>
* CVE-2011-3651 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651>

Indications:

Everyone should install this update.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.1]:

  mozilla-nss-3.13.1-0.5.1
  mozilla-nss-devel-3.13.1-0.5.1
  mozilla-nss-tools-3.13.1-0.5.1

- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.13.1]:

  mozilla-nss-32bit-3.13.1-0.5.1

- SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.13.1]:

  mozilla-nss-x86-3.13.1-0.5.1

- SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.13.1]:

  mozilla-nss-64bit-3.13.1-0.5.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.13.1]:

  mozilla-nss-3.13.1-0.5.1
  mozilla-nss-devel-3.13.1-0.5.1
  mozilla-nss-tools-3.13.1-0.5.1

- SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.13.1]:

  mozilla-nss-32bit-3.13.1-0.5.1

- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.1]:

  mozilla-nss-tools-3.13.1-0.5.1

References:

http://support.novell.com/security/cve/CVE-2011-2372.html
http://support.novell.com/security/cve/CVE-2011-2996.html
http://support.novell.com/security/cve/CVE-2011-2998.html
http://support.novell.com/security/cve/CVE-2011-2999.html
http://support.novell.com/security/cve/CVE-2011-3000.html
http://support.novell.com/security/cve/CVE-2011-3001.html
http://support.novell.com/security/cve/CVE-2011-3647.html
http://support.novell.com/security/cve/CVE-2011-3648.html
http://support.novell.com/security/cve/CVE-2011-3649.html
http://support.novell.com/security/cve/CVE-2011-3650.html
http://support.novell.com/security/cve/CVE-2011-3651.html
http://support.novell.com/security/cve/CVE-2011-3653.html
http://support.novell.com/security/cve/CVE-2011-3655.html
https://bugzilla.novell.com/726096
https://bugzilla.novell.com/728520
http://download.novell.com/patch/finder/?keywords=d38a557341c2b284b12c5c1e21...