Mandriva: 2014:125: nspr
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:125
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nspr
 Date    : June 13, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in nspr:
 
 Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
 attackers to execute arbitrary code or cause a denial of service
 (out-of-bounds write) via vectors involving the sprintf and console
 functions (CVE-2014-1545).
 
 The updated nspr packages have been upgraded to the 4.10.6 version
 which is unaffected by this issue.
 
 Additionally:
 
 * The rootcerts package has been upgraded to the latest version as
 of 2014-04-01.
 
 * The nss packages have been upgraded to the latest 3.16.1 version
 which resolves various bugs.
 
 * The sqlite3 packages have been upgraded to the 3.7.17 version for
 mbs1, as it is a prerequisite for nss-3.16.1.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
 http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 871b7828588ddba14fe5a3fa63353872  mes5/i586/libnspr4-4.10.6-0.1mdvmes5.2.i586.rpm
 a2c0b64bc6cd6e64aacf08e403c904be  mes5/i586/libnspr-devel-4.10.6-0.1mdvmes5.2.i586.rpm
 7e5de8bd72b992637677b8f0e785cd70  mes5/i586/libnss3-3.16.1-0.1mdvmes5.2.i586.rpm
 59a76907525859e8c5abb08af67db573  mes5/i586/libnss-devel-3.16.1-0.1mdvmes5.2.i586.rpm
 ca78336fa128083dafc47d99a5327d4f  mes5/i586/libnss-static-devel-3.16.1-0.1mdvmes5.2.i586.rpm
 aa17566d41af3c754cd33c51408542e8  mes5/i586/nss-3.16.1-0.1mdvmes5.2.i586.rpm
 8fc865c9d74bb3acb6c39e780c555388  mes5/i586/nss-doc-3.16.1-0.1mdvmes5.2.i586.rpm
 2622f5d0951a9e82726f18ac0c870797  mes5/i586/rootcerts-20140401.00-1mdvmes5.2.i586.rpm
 a452214d3dbdd48f67e51a0f60d9a0d1  mes5/i586/rootcerts-java-20140401.00-1mdvmes5.2.i586.rpm 
 2e37cefc0d57e66c496117eef3f8b64e  mes5/SRPMS/nspr-4.10.6-0.1mdvmes5.2.src.rpm
 d81f1303fee6dda1d9931194434a72cd  mes5/SRPMS/nss-3.16.1-0.1mdvmes5.2.src.rpm
 1693219abe0845f4b277b5ce0af65864  mes5/SRPMS/rootcerts-20140401.00-1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 fefb6ed175ff09964d4289dd2e35e4e2  mes5/x86_64/lib64nspr4-4.10.6-0.1mdvmes5.2.x86_64.rpm
 a742bdf485719a4241232ead1aa58d79  mes5/x86_64/lib64nspr-devel-4.10.6-0.1mdvmes5.2.x86_64.rpm
 e6c55cec0b0c593eed088947cedeafcc  mes5/x86_64/lib64nss3-3.16.1-0.1mdvmes5.2.x86_64.rpm
 e4d27cd845a04e8f20ade562131166bb  mes5/x86_64/lib64nss-devel-3.16.1-0.1mdvmes5.2.x86_64.rpm
 6aa535f37bb44453f2ffb9e2c6300866  mes5/x86_64/lib64nss-static-devel-3.16.1-0.1mdvmes5.2.x86_64.rpm
 85881c197e866031457d0c5e838c7130  mes5/x86_64/nss-3.16.1-0.1mdvmes5.2.x86_64.rpm
 daf3b5119cb885652bed0daf79a3b843  mes5/x86_64/nss-doc-3.16.1-0.1mdvmes5.2.x86_64.rpm
 22bcfc38fe4353ab329be15779ccbc4f  mes5/x86_64/rootcerts-20140401.00-1mdvmes5.2.x86_64.rpm
 7f53efea4b3bb272b1bd282aecbbe189  mes5/x86_64/rootcerts-java-20140401.00-1mdvmes5.2.x86_64.rpm 
 2e37cefc0d57e66c496117eef3f8b64e  mes5/SRPMS/nspr-4.10.6-0.1mdvmes5.2.src.rpm
 d81f1303fee6dda1d9931194434a72cd  mes5/SRPMS/nss-3.16.1-0.1mdvmes5.2.src.rpm
 1693219abe0845f4b277b5ce0af65864  mes5/SRPMS/rootcerts-20140401.00-1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 971ca03b751a5b3e6d3afefdc8ebf02b  mbs1/x86_64/lemon-3.7.17-1.mbs1.x86_64.rpm
 a217173e1ad73f0e3fa53e3fa6f64846  mbs1/x86_64/lib64nspr4-4.10.6-1.mbs1.x86_64.rpm
 e2ec066d21ebcbf33610694b484a8dc5  mbs1/x86_64/lib64nspr-devel-4.10.6-1.mbs1.x86_64.rpm
 b72f56cea5af20b689605f8608bd4e43  mbs1/x86_64/lib64nss3-3.16.1-1.mbs1.x86_64.rpm
 d88bf2c9244bae5bf3eae084d59b2603  mbs1/x86_64/lib64nss-devel-3.16.1-1.mbs1.x86_64.rpm
 b0962cfd80a4b2ca46dab9daa6f6a7e0  mbs1/x86_64/lib64nss-static-devel-3.16.1-1.mbs1.x86_64.rpm
 0b334598f4f234861b4fbfb6f42467ec  mbs1/x86_64/lib64sqlite3_0-3.7.17-1.mbs1.x86_64.rpm
 55b279bec9fc53e46212df18367cdea6  mbs1/x86_64/lib64sqlite3-devel-3.7.17-1.mbs1.x86_64.rpm
 b21fb9c68187079fb0a14f2d7a5874f2  mbs1/x86_64/lib64sqlite3-static-devel-3.7.17-1.mbs1.x86_64.rpm
 725ad41fdbc1c547f2c1283c1c855f1a  mbs1/x86_64/nss-3.16.1-1.mbs1.x86_64.rpm
 45838333e5000ae1064c93697b67d110  mbs1/x86_64/nss-doc-3.16.1-1.mbs1.noarch.rpm
 ef3993eb75903e2da63133926a05bb93  mbs1/x86_64/rootcerts-20140401.00-1.mbs1.x86_64.rpm
 8ac879f760d140f51fa7a7b924530d94  mbs1/x86_64/rootcerts-java-20140401.00-1.mbs1.x86_64.rpm
 fac1dec8bb96d10acc8562afa5836943  mbs1/x86_64/sqlite3-tcl-3.7.17-1.mbs1.x86_64.rpm
 f78b319fc6f6e236c41bb6236f227afe  mbs1/x86_64/sqlite3-tools-3.7.17-1.mbs1.x86_64.rpm 
 65bf32ce4c4bcf079599cd8a87048e22  mbs1/SRPMS/nspr-4.10.6-1.mbs1.src.rpm
 5d15ba18cb5a6ce74922f332aff834dc  mbs1/SRPMS/nss-3.16.1-1.mbs1.src.rpm
 d38697d45661b225754d9cabbb314e3d  mbs1/SRPMS/rootcerts-20140401.00-1.mbs1.src.rpm
 d0f6f79de5b2fc80fdb420c8131dd73e  mbs1/SRPMS/sqlite3-3.7.17-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
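
An added example (not part of the Mandriva advisory): a patch audit that reads the fixed builds from the Updated Packages list above and flags installed packages that are older, such as an nspr before 4.10.6. The inventory is constructed sample data in the shape of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output; the version comparison is a simplified stand-in for rpm's own and ignores epochs.

```python
import re

# Three lines copied from the advisory's Business Server 1/X86_64 list.
MANIFEST = """\
a217173e1ad73f0e3fa53e3fa6f64846  mbs1/x86_64/lib64nspr4-4.10.6-1.mbs1.x86_64.rpm
b72f56cea5af20b689605f8608bd4e43  mbs1/x86_64/lib64nss3-3.16.1-1.mbs1.x86_64.rpm
0b334598f4f234861b4fbfb6f42467ec  mbs1/x86_64/lib64sqlite3_0-3.7.17-1.mbs1.x86_64.rpm
"""
# Constructed host inventory (assumed format: "NAME VERSION-RELEASE" per line).
INSTALLED = """\
lib64nspr4 4.9.5-1.mbs1
lib64nss3 3.16.1-1.mbs1
lib64sqlite3_0 3.7.17-1.mbs1
"""

def parse_manifest(text):
    """Map package name -> (version, release) from 'md5  dir/name-ver-rel.arch.rpm'."""
    fixed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].endswith(".rpm") or "/SRPMS/" in parts[1]:
            continue
        stem = parts[1].rsplit("/", 1)[-1][:-4].rsplit(".", 1)[0]  # drop .rpm, arch
        if stem.count("-") >= 2:
            name, version, release = stem.rsplit("-", 2)
            fixed[name] = (version, release)
    return fixed

def vercmp(a, b):
    """Simplified rpm-style compare: numeric segments compare as integers."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", v) for v in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric outranks alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(installed_text, fixed):
    """Return (name, installed, fixed) for packages older than the advisory build."""
    stale = []
    for line in installed_text.splitlines():
        name, _, evr = line.partition(" ")
        version, _, release = evr.partition("-")
        if name in fixed:
            fver, frel = fixed[name]
            if (vercmp(version, fver) or vercmp(release, frel)) < 0:
                stale.append((name, evr, f"{fver}-{frel}"))
    return stale

if __name__ == "__main__":
    for row in audit(INSTALLED, parse_manifest(MANIFEST)):
        print("needs update: %s %s -> %s" % row)
```

A plain string comparison would rank 4.9.5 above 4.10.6 and miss the vulnerable host, which is why the segments are compared numerically.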
 