Stay Secure with the Latest Linux Advisories

security advisorymoderateupdate

Oracle Linux 6 ELSA-2013-1144 Moderate: NSS Security Fixes Released

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2013-1144 https://access.redhat.com/errata/RHSA-2013:1144.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable LinuxNetwork: i386: nspr-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nss-3.14.3-4.0.1.el6_4.i686.rpm nss-devel-3.14.3-4.0.1.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.0.1.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-sysinit-3.14.3-4.0.1.el6_4.i686.rpm nss-tools-3.14.3-4.0.1.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.0.1.el6_4.i686.rpm nss-3.14.3-4.0.1.el6_4.x86_64.rpm nss-devel-3.14.3-4.0.1.el6_4.i686.rpm nss-devel-3.14.3-4.0.1.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.0.1.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.0.1.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.0.1.el6_4.x86_64.rpm nss-tools-3.14.3-4.0.1.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol6/SRPMS-updates/nspr-4.9.5-2.el6_4.src.rpm https://oss.oracle.com:443/ol6/SRPMS-updates/nss-3.14.3-4.0.1.el6_4.src.rpm https://oss.oracle.com:443/ol6/SRPMS-updates/nss-softokn-3.14.3-3.el6_4.src.rpm https://oss.oracle.com:443/ol6/SRPMS-updates/nss-util-3.14.3-3.el6_4.src.rpm Description of changes: nspr [4.9.5-2] - Update to NSPR_4_9_5_RTM - Resolves: rhbz#927186 - Rebase to nspr-4.9.5 - Add upstream URL for an existing patch per packaging guidelines [4.9.5-1] - Resolves: Rebase to nspr-4.9.5 [4.9.2-1] - Update to nspr-4.9.2 -Related: rhbz#863286 nss [3.14.3-4.0.1.el6_4] - Added nss-vendor.patch to change vendor [3.14.3-4] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-3] - Ensure pem uses system freebl as with this update freebl brings in new API's - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-2] - Install sechash.h and secmodt.h which are now provided by nss-devel - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Remove unsafe -r option from commands that remove headers already shipped by nss-util and nss-softoken [3.14.3-1] - Update to NSS_3.14.3_RTM - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Update expired test certificates (fixed in upstream bug 852781) - Sync up pem module's rsawrapr.c with softoken's upstream changes for nss-3.14.3 - Reactivate the aia tests nss-softokn [3.14.3-3] - Add patch to conditionally compile according to old or new sqlite api - new is used on rhel-6 while rhel-5 uses old but we need the same code for both - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue [3.14.3-2] - Revert to using a code patch for relro support - Related: rhbz#927158 [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue - Add export LD_LIBRARY_PATH=//usr/lib before the signing commands in __spec_install_post scriplet to ensure signing tool links with in-tree freebl so verification uses same algorithm as in signing - Add %check section to run the upstream crypto reqression test suite as per packaging guidelines - Don't install sechash.h or secmodt.h which as per 3.14 are provided by nss-devel - Update the licence to MPLv2.0 [3.12.9-12] - Bootstrapping of the builroot in preparation for rebase to 3.14.3 - Remove hasht.h from the %files devel list to prevent update conflicts with nss-util - With 3.14.3hasht.h will be provided by nss-util-devel - Related: rhbz#927158 - rebase nss-softokn to 3.14.3 nss-util [3.14.3-3] - Resolves: rhbz#984967 - nssutil_ReadSecmodDB leaks memory [3.14.3-2] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927171 - Rebase to 3.14.3 as part of the fix for the lucky-13 issue . The Oracle Linux Security Advisory ELSA-2013-1144 addresses key vulnerabilities in NSS, providing vital patches to enhance security and mitigate risks. Linux Security Advisory, Oracle Linux Update, NSS Patch Release. . Severity: Important. LinuxSecurity.com Team

Aug 07, 2013 •Important Oracle