openSUSE-SU-2013:1730-1: moderate: update for mozilla-nss and mozilla-nspr
openSUSE Security Update: update for mozilla-nss and mozilla-nspr ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1730-1 Rating: moderate References: #850148 Cross-References: CVE-2013-5605 Affected Products: openSUSE 13.1 openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: the following security issues were fixed in mozilla-nss and mozilla nspr: - mozilla-nss: + update to 3.15.3 (bnc#850148) * CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) * fix CVE-2013-5605 - mozilla-nspr: + update to version 4.10.2 relevant changes: * bmo#770534: possible pointer overflow in PL_ArenaAllocate() * bmo#888546: ptio.c:PR_ImportUDPSocket doesn't work Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2013-878 - openSUSE 12.3: zypper in -t patch openSUSE-2013-878 - openSUSE 12.2: zypper in -t patch openSUSE-2013-878 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libfreebl3-3.15.3-4.2 libfreebl3-debuginfo-3.15.3-4.2 libsoftokn3-3.15.3-4.2 libsoftokn3-debuginfo-3.15.3-4.2 mozilla-nspr-4.10.2-4.1 mozilla-nspr-debuginfo-4.10.2-4.1 mozilla-nspr-debugsource-4.10.2-4.1 mozilla-nspr-devel-4.10.2-4.1 mozilla-nss-3.15.3-4.2 mozilla-nss-certs-3.15.3-4.2 mozilla-nss-certs-debuginfo-3.15.3-4.2 mozilla-nss-debuginfo-3.15.3-4.2 mozilla-nss-debugsource-3.15.3-4.2 mozilla-nss-devel-3.15.3-4.2 mozilla-nss-sysinit-3.15.3-4.2 mozilla-nss-sysinit-debuginfo-3.15.3-4.2 mozilla-nss-tools-3.15.3-4.2 mozilla-nss-tools-debuginfo-3.15.3-4.2 - openSUSE 13.1 (x86_64): libfreebl3-32bit-3.15.3-4.2 libfreebl3-debuginfo-32bit-3.15.3-4.2 libsoftokn3-32bit-3.15.3-4.2 libsoftokn3-debuginfo-32bit-3.15.3-4.2 mozilla-nspr-32bit-4.10.2-4.1 mozilla-nspr-debuginfo-32bit-4.10.2-4.1 mozilla-nss-32bit-3.15.3-4.2 mozilla-nss-certs-32bit-3.15.3-4.2 mozilla-nss-certs-debuginfo-32bit-3.15.3-4.2 mozilla-nss-debuginfo-32bit-3.15.3-4.2 mozilla-nss-sysinit-32bit-3.15.3-4.2 mozilla-nss-sysinit-debuginfo-32bit-3.15.3-4.2 - openSUSE 12.3 (i586 x86_64): libfreebl3-3.15.3-1.20.2 libfreebl3-debuginfo-3.15.3-1.20.2 libsoftokn3-3.15.3-1.20.2 libsoftokn3-debuginfo-3.15.3-1.20.2 mozilla-nspr-4.10.2-1.22.1 mozilla-nspr-debuginfo-4.10.2-1.22.1 mozilla-nspr-debugsource-4.10.2-1.22.1 mozilla-nspr-devel-4.10.2-1.22.1 mozilla-nss-3.15.3-1.20.2 mozilla-nss-certs-3.15.3-1.20.2 mozilla-nss-certs-debuginfo-3.15.3-1.20.2 mozilla-nss-debuginfo-3.15.3-1.20.2 mozilla-nss-debugsource-3.15.3-1.20.2 mozilla-nss-devel-3.15.3-1.20.2 mozilla-nss-sysinit-3.15.3-1.20.2 mozilla-nss-sysinit-debuginfo-3.15.3-1.20.2 mozilla-nss-tools-3.15.3-1.20.2 mozilla-nss-tools-debuginfo-3.15.3-1.20.2 - openSUSE 12.3 (x86_64): libfreebl3-32bit-3.15.3-1.20.2 libfreebl3-debuginfo-32bit-3.15.3-1.20.2 libsoftokn3-32bit-3.15.3-1.20.2 libsoftokn3-debuginfo-32bit-3.15.3-1.20.2 mozilla-nspr-32bit-4.10.2-1.22.1 mozilla-nspr-debuginfo-32bit-4.10.2-1.22.1 mozilla-nss-32bit-3.15.3-1.20.2 mozilla-nss-certs-32bit-3.15.3-1.20.2 mozilla-nss-certs-debuginfo-32bit-3.15.3-1.20.2 mozilla-nss-debuginfo-32bit-3.15.3-1.20.2 mozilla-nss-sysinit-32bit-3.15.3-1.20.2 mozilla-nss-sysinit-debuginfo-32bit-3.15.3-1.20.2 - openSUSE 12.2 (i586 x86_64): libfreebl3-3.15.3-2.31.2 libfreebl3-debuginfo-3.15.3-2.31.2 libsoftokn3-3.15.3-2.31.2 libsoftokn3-debuginfo-3.15.3-2.31.2 mozilla-nspr-4.10.2-1.24.1 mozilla-nspr-debuginfo-4.10.2-1.24.1 mozilla-nspr-debugsource-4.10.2-1.24.1 mozilla-nspr-devel-4.10.2-1.24.1 mozilla-nss-3.15.3-2.31.2 mozilla-nss-certs-3.15.3-2.31.2 mozilla-nss-certs-debuginfo-3.15.3-2.31.2 mozilla-nss-debuginfo-3.15.3-2.31.2 mozilla-nss-debugsource-3.15.3-2.31.2 mozilla-nss-devel-3.15.3-2.31.2 mozilla-nss-sysinit-3.15.3-2.31.2 mozilla-nss-sysinit-debuginfo-3.15.3-2.31.2 mozilla-nss-tools-3.15.3-2.31.2 mozilla-nss-tools-debuginfo-3.15.3-2.31.2 - openSUSE 12.2 (x86_64): libfreebl3-32bit-3.15.3-2.31.2 libfreebl3-debuginfo-32bit-3.15.3-2.31.2 libsoftokn3-32bit-3.15.3-2.31.2 libsoftokn3-debuginfo-32bit-3.15.3-2.31.2 mozilla-nspr-32bit-4.10.2-1.24.1 mozilla-nspr-debuginfo-32bit-4.10.2-1.24.1 mozilla-nss-32bit-3.15.3-2.31.2 mozilla-nss-certs-32bit-3.15.3-2.31.2 mozilla-nss-certs-debuginfo-32bit-3.15.3-2.31.2 mozilla-nss-debuginfo-32bit-3.15.3-2.31.2 mozilla-nss-sysinit-32bit-3.15.3-2.31.2 mozilla-nss-sysinit-debuginfo-32bit-3.15.3-2.31.2 References: http://support.novell.com/security/cve/CVE-2013-5605.html https://bugzilla.novell.com/850148
participants (1)
-
opensuse-security@opensuse.org