Mailinglist Archive: opensuse-updates (64 mails)

< Previous Next >
openSUSE-SU-2013:1539-1: moderate: update for mozilla-nss
openSUSE Security Update: update for mozilla-nss
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1539-1
Rating: moderate
References: #842979
Cross-References: CVE-2013-1739
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


Mozilla NSS was updated to 3.15.2 (bnc#842979)
* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for
OCSP or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called
before the handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a
decryption failure. (CVE-2013-1739)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-749

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-749

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

libfreebl3-3.15.2-1.16.1
libfreebl3-debuginfo-3.15.2-1.16.1
libsoftokn3-3.15.2-1.16.1
libsoftokn3-debuginfo-3.15.2-1.16.1
mozilla-nss-3.15.2-1.16.1
mozilla-nss-certs-3.15.2-1.16.1
mozilla-nss-certs-debuginfo-3.15.2-1.16.1
mozilla-nss-debuginfo-3.15.2-1.16.1
mozilla-nss-debugsource-3.15.2-1.16.1
mozilla-nss-devel-3.15.2-1.16.1
mozilla-nss-sysinit-3.15.2-1.16.1
mozilla-nss-sysinit-debuginfo-3.15.2-1.16.1
mozilla-nss-tools-3.15.2-1.16.1
mozilla-nss-tools-debuginfo-3.15.2-1.16.1

- openSUSE 12.3 (x86_64):

libfreebl3-32bit-3.15.2-1.16.1
libfreebl3-debuginfo-32bit-3.15.2-1.16.1
libsoftokn3-32bit-3.15.2-1.16.1
libsoftokn3-debuginfo-32bit-3.15.2-1.16.1
mozilla-nss-32bit-3.15.2-1.16.1
mozilla-nss-certs-32bit-3.15.2-1.16.1
mozilla-nss-certs-debuginfo-32bit-3.15.2-1.16.1
mozilla-nss-debuginfo-32bit-3.15.2-1.16.1
mozilla-nss-sysinit-32bit-3.15.2-1.16.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.2-1.16.1

- openSUSE 12.2 (i586 x86_64):

libfreebl3-3.15.2-2.27.1
libfreebl3-debuginfo-3.15.2-2.27.1
libsoftokn3-3.15.2-2.27.1
libsoftokn3-debuginfo-3.15.2-2.27.1
mozilla-nss-3.15.2-2.27.1
mozilla-nss-certs-3.15.2-2.27.1
mozilla-nss-certs-debuginfo-3.15.2-2.27.1
mozilla-nss-debuginfo-3.15.2-2.27.1
mozilla-nss-debugsource-3.15.2-2.27.1
mozilla-nss-devel-3.15.2-2.27.1
mozilla-nss-sysinit-3.15.2-2.27.1
mozilla-nss-sysinit-debuginfo-3.15.2-2.27.1
mozilla-nss-tools-3.15.2-2.27.1
mozilla-nss-tools-debuginfo-3.15.2-2.27.1

- openSUSE 12.2 (x86_64):

libfreebl3-32bit-3.15.2-2.27.1
libfreebl3-debuginfo-32bit-3.15.2-2.27.1
libsoftokn3-32bit-3.15.2-2.27.1
libsoftokn3-debuginfo-32bit-3.15.2-2.27.1
mozilla-nss-32bit-3.15.2-2.27.1
mozilla-nss-certs-32bit-3.15.2-2.27.1
mozilla-nss-certs-debuginfo-32bit-3.15.2-2.27.1
mozilla-nss-debuginfo-32bit-3.15.2-2.27.1
mozilla-nss-sysinit-32bit-3.15.2-2.27.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.2-2.27.1


References:

http://support.novell.com/security/cve/CVE-2013-1739.html
https://bugzilla.novell.com/842979


< Previous Next >
This Thread
  • No further messages