BugTraq
[ MDVSA-2014:125 ] nspr Jun 13 2014 06:33PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:125
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nspr
Date : June 13, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in nspr:

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions (CVE-2014-1545).

The updated nspr packages have been upgraded to the 4.10.6 version
which is unaffected by this issue.

Additionally:

* The rootcerts package has been upgraded to the latest version as
of 2014-04-01.

* The nss packages have been upgraded to the latest 3.16.1 version
which resolves various bugs.

* The sqlite3 packages have been upgraded to the 3.7.17 version for
mbs1 as a prerequisite for nss-3.16.1.
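
One way to find hosts still below the fixed versions named above (nspr 4.10.6, nss 3.16.1). This is an added example, not part of the Mandriva advisory. The function names `ver_lt`, `fixed_version` and `audit` are hypothetical, the sample inventory is constructed, and it assumes the package version equals the upstream version, as it does for these updates.

```shell
#!/bin/sh
# Added example: flag installed nspr/nss packages older than the fixed versions.

# ver_lt A B: succeed if dotted version A is strictly older than B.
# Fields are compared numerically, so 4.9 sorts before 4.10.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# fixed_version PKG: print the fixed version the advisory gives for PKG,
# or fail for packages the advisory does not cover.
fixed_version() {
    case "$1" in
        libnspr4|lib64nspr4) echo 4.10.6 ;;
        libnss3|lib64nss3|nss) echo 3.16.1 ;;
        *) return 1 ;;
    esac
}

# audit: read "name version" lines on stdin and print the outdated ones.
audit() {
    while read -r name version; do
        fixed=$(fixed_version "$name") || continue
        if ver_lt "$version" "$fixed"; then
            echo "$name $version < $fixed"
        fi
    done
}

# Constructed sample inventory, in the shape produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}\n'
SAMPLE='lib64nspr4 4.10.2
lib64nss3 3.16.1
bash 4.2.37
nss 3.15.4'

printf '%s\n' "$SAMPLE" | audit
```

On a real host, pipe the `rpm -qa` query shown in the comment into `audit` instead of the sample.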
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:

Mandriva Enterprise Server 5/X86_64:

Mandriva Business Server 1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTmxfpmqjQ0CJFipgRAqKpAKCRDRLgX1XoAjq3M//3sJ1QiTljQgCgzvik
BunG6xas4C6dR9qp4MF9u7I=
=C4xJ
-----END PGP SIGNATURE-----
