Package name
nss
Date
2013-10-23
Advisory ID
MDVSA-2013:257
Affected versions
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in mozilla NSS:

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure
that data structures are initialized before read operations, which
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger a decryption failure
(CVE-2013-1739).

The updated mozilla NSS and NSPR packages have been upgraded to the
latest versions where the CVE-2013-1739 flaw has been fixed in NSS.

The rootcerts packages have been upgraded providing the latest root
CA certs from mozilla as of 2013/04/11.

The sqlite3 packages for mes5 have been upgraded to the 3.7.17
version to satisfy the requirements for a future upcoming Firefox 24
ESR advisory.

Updated packages

MES5 i586

 587019df50bb6ef8753566cf2a8cb4de  mes5/i586/lemon-3.7.17-0.1mdvmes5.2.i586.rpm
 82008150781f6d5f23553b162a753c79  mes5/i586/libnspr4-4.10.1-0.1mdvmes5.2.i586.rpm
 9ff3b9941e2fd1dbb0cfa1cd58f09609  mes5/i586/libnspr-devel-4.10.1-0.1mdvmes5.2.i586.rpm
 8a8107bad2958256418cb60c4e8062a5  mes5/i586/libnss3-3.15.2-0.1mdvmes5.2.i586.rpm
 a7b0f150d386cddbdf4ed8af22f40302  mes5/i586/libnss-devel-3.15.2-0.1mdvmes5.2.i586.rpm
 d5a8d29bd68428fba07fdd5f831e34a0  mes5/i586/libnss-static-devel-3.15.2-0.1mdvmes5.2.i586.rpm
 57c7a509496c35f378854cba4948c46e  mes5/i586/libsqlite3_0-3.7.17-0.1mdvmes5.2.i586.rpm
 f02fe8f3d3fb794c2be28b42d3d1089a  mes5/i586/libsqlite3-devel-3.7.17-0.1mdvmes5.2.i586.rpm
 2faafb664205b424d525bedbdc54392a  mes5/i586/libsqlite3-static-devel-3.7.17-0.1mdvmes5.2.i586.rpm
 f2682f1c278247418c666a2a8fefb2c8  mes5/i586/nss-3.15.2-0.1mdvmes5.2.i586.rpm
 fca6f06e016af9ff9e844d37abfb9601  mes5/i586/nss-doc-3.15.2-0.1mdvmes5.2.i586.rpm
 ae326abf0a69ac6ab4bc5ee4550cc19c  mes5/i586/rootcerts-20130411.00-1mdvmes5.2.i586.rpm
 33ddec006b6c5370bd1b693eb5721b06  mes5/i586/rootcerts-java-20130411.00-1mdvmes5.2.i586.rpm
 47601080d70c2a456ca46fd98fa4a8b0  mes5/i586/sqlite3-tcl-3.7.17-0.1mdvmes5.2.i586.rpm
 7b8e73e484857f6ad66a1ba2757e1a25  mes5/i586/sqlite3-tools-3.7.17-0.1mdvmes5.2.i586.rpm 
 384b405ffe3c7ea9bcd7b51aaa6d2835  mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
 e433c4a380791da522b2198de6418328  mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
 f2760a11ee4ce795f7ff3c143db5f32d  mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
 1f361abd2225db81b21a359ccd44cd65  mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 f94509f81408f107c495dbe1a10f7c8d  mbs1/x86_64/lib64nspr4-4.10.1-1.mbs1.x86_64.rpm
 51fe851d5b93eede85715d8141ae386c  mbs1/x86_64/lib64nspr-devel-4.10.1-1.mbs1.x86_64.rpm
 2fc980b35d3b868850f59a557c9d76dd  mbs1/x86_64/lib64nss3-3.15.2-1.mbs1.x86_64.rpm
 48491aff7b534d29c456c83a3efd30f8  mbs1/x86_64/lib64nss-devel-3.15.2-1.mbs1.x86_64.rpm
 365cb054fc0dda3e09c56477f2359166  mbs1/x86_64/lib64nss-static-devel-3.15.2-1.mbs1.x86_64.rpm
 d4942a9a039c245d881641a41fa7639d  mbs1/x86_64/nss-3.15.2-1.mbs1.x86_64.rpm
 30fd49690e3d78fa976b3acc70bd3a61  mbs1/x86_64/nss-doc-3.15.2-1.mbs1.noarch.rpm
 e082d21b5bd53a38be220b4d033b0922  mbs1/x86_64/rootcerts-20130411.00-1.mbs1.x86_64.rpm
 54a1661464b62db879a95b8dc14d4662  mbs1/x86_64/rootcerts-java-20130411.00-1.mbs1.x86_64.rpm 
 d1eb79e5183c02465f20df148da90ed0  mbs1/SRPMS/nspr-4.10.1-1.mbs1.src.rpm
 936ddd455f27b802e42b360440fa7514  mbs1/SRPMS/nss-3.15.2-1.mbs1.src.rpm
 a2c2fe7591e999e8e1354d2dee1c1dbd  mbs1/SRPMS/rootcerts-20130411.00-1.mbs1.src.rpm

MES5 x86_64

 1d98b3083fada8ad644f4c51e2b6aa03  mes5/x86_64/lemon-3.7.17-0.1mdvmes5.2.x86_64.rpm
 7bf3b9072f8f3a6097f1462176962f02  mes5/x86_64/lib64nspr4-4.10.1-0.1mdvmes5.2.x86_64.rpm
 2690833d5e1972b1baa9849dd5a8a96d  mes5/x86_64/lib64nspr-devel-4.10.1-0.1mdvmes5.2.x86_64.rpm
 3715d923c9fb69dee65b5e23363d62b6  mes5/x86_64/lib64nss3-3.15.2-0.1mdvmes5.2.x86_64.rpm
 1c6a20d0612ff100e77ed4bc1f69f15f  mes5/x86_64/lib64nss-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
 f15d15e29c982e314fb3d48c3e1f6b99  mes5/x86_64/lib64nss-static-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
 55fad65e1cdcaf9351375a8ab8728668  mes5/x86_64/lib64sqlite3_0-3.7.17-0.1mdvmes5.2.x86_64.rpm
 a76a8be2ab8412541695bd00b7beea83  mes5/x86_64/lib64sqlite3-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
 e8a235871039b91d399b4608f2fbc8ce  mes5/x86_64/lib64sqlite3-static-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
 2abb704cc2806c97c534feb14c98d419  mes5/x86_64/nss-3.15.2-0.1mdvmes5.2.x86_64.rpm
 70247384c252e09c2033a4651dbe7629  mes5/x86_64/nss-doc-3.15.2-0.1mdvmes5.2.x86_64.rpm
 92530d8a7db00374f6b33ad56a4d5b48  mes5/x86_64/rootcerts-20130411.00-1mdvmes5.2.x86_64.rpm
 5aeed38e9df38304330331a38c92a6e4  mes5/x86_64/rootcerts-java-20130411.00-1mdvmes5.2.x86_64.rpm
 32c192e5eb1e361eb1dfbcd2d73006a1  mes5/x86_64/sqlite3-tcl-3.7.17-0.1mdvmes5.2.x86_64.rpm
 366810425a1fd0cf72264d3a2a5c3b5e  mes5/x86_64/sqlite3-tools-3.7.17-0.1mdvmes5.2.x86_64.rpm 
 384b405ffe3c7ea9bcd7b51aaa6d2835  mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
 e433c4a380791da522b2198de6418328  mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
 f2760a11ee4ce795f7ff3c143db5f32d  mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
 1f361abd2225db81b21a359ccd44cd65  mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm

References