Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 551
Alerts This Week
Warning Icon 1 551

Scientific Linux: 2014-1948-1 important: nss Upgrade Prevents DoS Attack

Scientific Large Esm H446
Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
Date: Tue, 2 Dec 2014 09:22:55 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
 harfbuzz-0.9.20-4.el7.i686.rpm
 harfbuzz-0.9.20-4.el7.x86_64.rpm
 harfbuzz-devel-0.9.20-4.el7.i686.rpm
 harfbuzz-devel-0.9.20-4.el7.x86_64.rpm
 harfbuzz-icu-0.9.20-4.el7.i686.rpm
 harfbuzz-icu-0.9.20-4.el7.x86_64.rpm
 ibus-hangul-1.4.2-10.el7.x86_64.rpm
 kde-settings-19-23.5.el7.noarch.rpm
 kde-settings-ksplash-19-23.5.el7.noarch.rpm
 kde-settings-minimal-19-23.5.el7.noarch.rpm
 kde-settings-plasma-19-23.5.el7.noarch.rpm
 kde-settings-pulseaudio-19-23.5.el7.noarch.rpm
 qt-settings-19-23.5.el7.noarch.rpm
 selinux-policy-3.12.1-153.el7_0.12.noarch.rpm
 selinux-policy-devel-3.12.1-153.el7_0.12.noarch.rpm
 selinux-policy-doc-3.12.1-153.el7_0.12.noarch.rpm
 selinux-policy-minimum-3.12.1-153.el7_0.12.noarch.rpm
 selinux-policy-mls-3.12.1-153.el7_0.12.noarch.rpm
 selinux-policy-sandbox-3.12.1-153.el7_0.12.noarch.rpm
 selinux-policy-targeted-3.12.1-153.el7_0.12.noarch.rpm
 setroubleshoot-3.2.17-3.el7.x86_64.rpm
 setroubleshoot-server-3.2.17-3.el7.x86_64.rpm
Date: Wed, 3 Dec 2014 19:39:25 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: nss, nss-util,
 and nss-softokn on SL5.x, SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
Advisory ID: SLSA-2014:1948-1
Issue Date: 2014-12-02
CVE Numbers: CVE-2014-3566
--

This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The
SSL 3.0 protocol was found to be vulnerable to the padding oracle attack
when using block cipher suites in cipher block chaining (CBC) mode. This
issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.

The nss, nss-util, and nss-softokn packages have been upgraded to upstream
version 3.16.2.3, which provides a number of bug fixes and enhancements
over the previous version, and adds the support for Mozilla Firefox 31.3.

After installing this update, applications using NSS or NSPR must be
restarted for this update to take effect.
--

SL5
 x86_64
 nss-3.16.2.3-1.el5_11.i386.rpm
 nss-3.16.2.3-1.el5_11.x86_64.rpm
 nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
 nss-debuginfo-3.16.2.3-1.el5_11.x86_64.rpm
 nss-tools-3.16.2.3-1.el5_11.x86_64.rpm
 nss-devel-3.16.2.3-1.el5_11.i386.rpm
 nss-devel-3.16.2.3-1.el5_11.x86_64.rpm
 nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm
 nss-pkcs11-devel-3.16.2.3-1.el5_11.x86_64.rpm
 i386
 nss-3.16.2.3-1.el5_11.i386.rpm
 nss-debuginfo-3.16.2.3-1.el5_11.i386.rpm
 nss-tools-3.16.2.3-1.el5_11.i386.rpm
 nss-devel-3.16.2.3-1.el5_11.i386.rpm
 nss-pkcs11-devel-3.16.2.3-1.el5_11.i386.rpm
SL6
 x86_64
 nss-3.16.2.3-3.el6_6.i686.rpm
 nss-3.16.2.3-3.el6_6.x86_64.rpm
 nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
 nss-debuginfo-3.16.2.3-3.el6_6.x86_64.rpm
 nss-sysinit-3.16.2.3-3.el6_6.x86_64.rpm
 nss-tools-3.16.2.3-3.el6_6.x86_64.rpm
 nss-util-3.16.2.3-2.el6_6.i686.rpm
 nss-util-3.16.2.3-2.el6_6.x86_64.rpm
 nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
 nss-util-debuginfo-3.16.2.3-2.el6_6.x86_64.rpm
 nss-devel-3.16.2.3-3.el6_6.i686.rpm
 nss-devel-3.16.2.3-3.el6_6.x86_64.rpm
 nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm
 nss-pkcs11-devel-3.16.2.3-3.el6_6.x86_64.rpm
 nss-util-devel-3.16.2.3-2.el6_6.i686.rpm
 nss-util-devel-3.16.2.3-2.el6_6.x86_64.rpm
 i386
 nss-3.16.2.3-3.el6_6.i686.rpm
 nss-debuginfo-3.16.2.3-3.el6_6.i686.rpm
 nss-sysinit-3.16.2.3-3.el6_6.i686.rpm
 nss-tools-3.16.2.3-3.el6_6.i686.rpm
 nss-util-3.16.2.3-2.el6_6.i686.rpm
 nss-util-debuginfo-3.16.2.3-2.el6_6.i686.rpm
 nss-devel-3.16.2.3-3.el6_6.i686.rpm
 nss-pkcs11-devel-3.16.2.3-3.el6_6.i686.rpm
 nss-util-devel-3.16.2.3-2.el6_6.i686.rpm
SL7
 x86_64
 nss-3.16.2.3-2.el7_0.i686.rpm
 nss-3.16.2.3-2.el7_0.x86_64.rpm
 nss-debuginfo-3.16.2.3-2.el7_0.i686.rpm
 nss-debuginfo-3.16.2.3-2.el7_0.x86_64.rpm
 nss-softokn-3.16.2.3-1.el7_0.i686.rpm
 nss-softokn-3.16.2.3-1.el7_0.x86_64.rpm
 nss-softokn-debuginfo-3.16.2.3-1.el7_0.i686.rpm
 nss-softokn-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
 nss-softokn-freebl-3.16.2.3-1.el7_0.i686.rpm
 nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64.rpm
 nss-sysinit-3.16.2.3-2.el7_0.x86_64.rpm
 nss-tools-3.16.2.3-2.el7_0.x86_64.rpm
 nss-util-3.16.2.3-1.el7_0.i686.rpm
 nss-util-3.16.2.3-1.el7_0.x86_64.rpm
 nss-util-debuginfo-3.16.2.3-1.el7_0.i686.rpm
 nss-util-debuginfo-3.16.2.3-1.el7_0.x86_64.rpm
 nss-devel-3.16.2.3-2.el7_0.i686.rpm
 nss-devel-3.16.2.3-2.el7_0.x86_64.rpm
 nss-pkcs11-devel-3.16.2.3-2.el7_0.i686.rpm
 nss-pkcs11-devel-3.16.2.3-2.el7_0.x86_64.rpm
 nss-softokn-devel-3.16.2.3-1.el7_0.i686.rpm
 nss-softokn-devel-3.16.2.3-1.el7_0.x86_64.rpm
 nss-softokn-freebl-devel-3.16.2.3-1.el7_0.i686.rpm
 nss-softokn-freebl-devel-3.16.2.3-1.el7_0.x86_64.rpm
 nss-util-devel-3.16.2.3-1.el7_0.i686.rpm
 nss-util-devel-3.16.2.3-1.el7_0.x86_64.rpm

- Scientific Linux Development Team