Mailinglist Archive: opensuse-updates (120 mails)

< Previous Next >
openSUSE-SU-2013:1732-1: moderate: update for mozilla-nss
openSUSE Security Update: update for mozilla-nss
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1732-1
Rating: moderate
References: #850148
Cross-References: CVE-2013-1741 CVE-2013-5605 CVE-2013-5606
CVE-2013-5607
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

update NSPR to version 4.10.2
* bmo#770534: possible pointer overflow in
PL_ArenaAllocate()
* bmo#888546: ptio.c:PR_ImportUDPSocket doesn't work
* bmo#927687: (CVE-2013-5607) Avoid unsigned integer
wrapping in PL_ArenaAllocate.

update NSS to version 3.15.3
* Bug 925100 - (CVE-2013-1741) Ensure a size is <= half of
the maximum PRUint32 value
* Bug 934016 - (CVE-2013-5605) Handle invalid handshake
packets
* Bug 910438 - (CVE-2013-5606) Return the correct result
in CERT_VerifyCert on failure, if a verifyLog isn't used


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-163

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

libfreebl3-3.15.3-70.1
libfreebl3-debuginfo-3.15.3-70.1
libsoftokn3-3.15.3-70.1
libsoftokn3-debuginfo-3.15.3-70.1
mozilla-nspr-4.10.2-36.1
mozilla-nspr-debuginfo-4.10.2-36.1
mozilla-nspr-debugsource-4.10.2-36.1
mozilla-nspr-devel-4.10.2-36.1
mozilla-nss-3.15.3-70.1
mozilla-nss-certs-3.15.3-70.1
mozilla-nss-certs-debuginfo-3.15.3-70.1
mozilla-nss-debuginfo-3.15.3-70.1
mozilla-nss-debugsource-3.15.3-70.1
mozilla-nss-devel-3.15.3-70.1
mozilla-nss-sysinit-3.15.3-70.1
mozilla-nss-sysinit-debuginfo-3.15.3-70.1
mozilla-nss-tools-3.15.3-70.1
mozilla-nss-tools-debuginfo-3.15.3-70.1

- openSUSE 11.4 (x86_64):

libfreebl3-32bit-3.15.3-70.1
libfreebl3-debuginfo-32bit-3.15.3-70.1
libsoftokn3-32bit-3.15.3-70.1
libsoftokn3-debuginfo-32bit-3.15.3-70.1
mozilla-nspr-32bit-4.10.2-36.1
mozilla-nspr-debuginfo-32bit-4.10.2-36.1
mozilla-nss-32bit-3.15.3-70.1
mozilla-nss-certs-32bit-3.15.3-70.1
mozilla-nss-certs-debuginfo-32bit-3.15.3-70.1
mozilla-nss-debuginfo-32bit-3.15.3-70.1
mozilla-nss-sysinit-32bit-3.15.3-70.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.3-70.1

- openSUSE 11.4 (ia64):

libfreebl3-debuginfo-x86-3.15.3-70.1
libfreebl3-x86-3.15.3-70.1
libsoftokn3-debuginfo-x86-3.15.3-70.1
libsoftokn3-x86-3.15.3-70.1
mozilla-nspr-debuginfo-x86-4.10.2-36.1
mozilla-nspr-x86-4.10.2-36.1
mozilla-nss-certs-debuginfo-x86-3.15.3-70.1
mozilla-nss-certs-x86-3.15.3-70.1
mozilla-nss-debuginfo-x86-3.15.3-70.1
mozilla-nss-sysinit-debuginfo-x86-3.15.3-70.1
mozilla-nss-sysinit-x86-3.15.3-70.1
mozilla-nss-x86-3.15.3-70.1


References:

http://support.novell.com/security/cve/CVE-2013-1741.html
http://support.novell.com/security/cve/CVE-2013-5605.html
http://support.novell.com/security/cve/CVE-2013-5606.html
http://support.novell.com/security/cve/CVE-2013-5607.html
https://bugzilla.novell.com/850148


< Previous Next >
This Thread
  • No further messages