openSUSE alert openSUSE-SU-2012:0030-1 (mozilla-nss) [LWN.net]


From:
    	       opensuse-security@opensuse.org 
To:
    	       opensuse-updates@opensuse.org 
Subject:
    	       openSUSE-SU-2012:0030-1: moderate: mozilla-nss to 3.13.1 
Date:
    	       Thu,  5 Jan 2012 12:09:23 +0100 (CET)
Message-ID:
    	       <20120105110923.1CC1632299@maintenance.suse.de>
Archive-link:
    	       Article, Thread
              
   openSUSE Security Update: mozilla-nss to 3.13.1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0030-1
Rating:             moderate
References:         #726096 
Cross-References:   CVE-2011-3389 CVE-2011-3640
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.

Description:

   The Mozilla NSS libraries were updated to version  3.13.1
   to fix various bugs and security problems.

   Following security issues were fixed:
   * SSL 2.0 is disabled by default
   * A defense against the SSL 3.0 and TLS 1.0 CBC chosen
   plaintext attack demonstrated by Rizzo and Duong
   (CVE-2011-3389) is enabled by default. Set the
   SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.
   bnc#
   * SHA-224 is supported
   * NSS_NoDB_Init does not try to open /pkcs11.txt and
   /secmod.db anymore (bmo#641052, bnc#726096)
   (CVE-2011-3640)

   Also following bugs were fixed:
   * fix spec file syntax for qemu-workaround
   * Added a patch to fix errors in the pkcs11n.h header file.
   (bmo#702090)
   * better SHA-224 support (bmo#647706)
   * SHA-224 is supported
   * Added PORT_ErrorToString and PORT_ErrorToName to return
   the error message and symbolic name of an NSS error code
   * Added NSS_GetVersion to return the NSS version string
   * Added experimental support of RSA-PSS to the softoken only


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch nss-201112-5564

   - openSUSE 11.3:

      zypper in -t patch nss-201112-5564

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64) [New Version: 3.13.1]:

      libfreebl3-3.13.1-0.2.1
      libsoftokn3-3.13.1-0.2.1
      mozilla-nss-3.13.1-0.2.1
      mozilla-nss-certs-3.13.1-0.2.1
      mozilla-nss-devel-3.13.1-0.2.1
      mozilla-nss-sysinit-3.13.1-0.2.1
      mozilla-nss-tools-3.13.1-0.2.1

   - openSUSE 11.4 (x86_64) [New Version: 3.13.1]:

      libfreebl3-32bit-3.13.1-0.2.1
      libsoftokn3-32bit-3.13.1-0.2.1
      mozilla-nss-32bit-3.13.1-0.2.1
      mozilla-nss-certs-32bit-3.13.1-0.2.1
      mozilla-nss-sysinit-32bit-3.13.1-0.2.1

   - openSUSE 11.3 (i586 x86_64) [New Version: 3.13.1]:

      libfreebl3-3.13.1-0.2.1
      libsoftokn3-3.13.1-0.2.1
      mozilla-nss-3.13.1-0.2.1
      mozilla-nss-certs-3.13.1-0.2.1
      mozilla-nss-devel-3.13.1-0.2.1
      mozilla-nss-sysinit-3.13.1-0.2.1
      mozilla-nss-tools-3.13.1-0.2.1

   - openSUSE 11.3 (x86_64) [New Version: 3.13.1]:

      libfreebl3-32bit-3.13.1-0.2.1
      libsoftokn3-32bit-3.13.1-0.2.1
      mozilla-nss-32bit-3.13.1-0.2.1
      mozilla-nss-certs-32bit-3.13.1-0.2.1
      mozilla-nss-sysinit-32bit-3.13.1-0.2.1


References:

   http://support.novell.com/security/cve/CVE-2011-3389.html
   http://support.novell.com/security/cve/CVE-2011-3640.html
   https://bugzilla.novell.com/726096
(Log in to post comments)