Mageia alert MGASA-2014-0293 (nss, firefox, thunderbird)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2014-0293: Updated nss, firefox and thunderbird packages fix security vulnerabilities 
Date:
    	       Sat, 26 Jul 2014 13:32:25 +0200
Message-ID:
    	       <20140726113226.128A85C684@valstar.mageia.org>
MGASA-2014-0293 - Updated nss, firefox and thunderbird packages fix security vulnerabilities

Publication date: 26 Jul 2014
URL: http://advisories.mageia.org/MGASA-2014-0293.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-1544,
     CVE-2014-1547,
     CVE-2014-1555,
     CVE-2014-1556,
     CVE-2014-1557

Description:
A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application (CVE-2014-1544).

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running it (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557).

The rootcerts and nss packages have been updated to NSS 3.16.3, and the
firefox and thunderbird packages have been updated to version 24.7.0, fixing
these issues.

References:
- https://bugs.mageia.org/show_bug.cgi?id=13790
- https://www.mozilla.org/security/announce/2014/mfsa2014-5...
- https://www.mozilla.org/security/announce/2014/mfsa2014-6...
- https://www.mozilla.org/security/announce/2014/mfsa2014-6...
- https://www.mozilla.org/security/announce/2014/mfsa2014-6...
- https://www.mozilla.org/security/announce/2014/mfsa2014-6...
- http://www.mozilla.org/security/known-vulnerabilities/fir...
- http://www.mozilla.org/security/known-vulnerabilities/thu...
- https://rhn.redhat.com/errata/RHSA-2014-0919.html
- https://rhn.redhat.com/errata/RHSA-2014-0918.html
- https://rhn.redhat.com/errata/RHSA-2014-0917.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557

SRPMS:
- 4/core/firefox-24.7.0-1.mga4
- 4/core/firefox-l10n-24.7.0-1.mga4
- 4/core/nss-3.16.3-1.mga4
- 4/core/rootcerts-20140703.00-1.mga4
- 4/core/thunderbird-24.7.0-1.mga4
- 4/core/thunderbird-l10n-24.7.0-1.mga4
- 3/core/firefox-24.7.0-1.mga3
- 3/core/firefox-l10n-24.7.0-1.mga3
- 3/core/nss-3.16.3-1.mga3
- 3/core/rootcerts-20140703.00-1.mga3
- 3/core/thunderbird-24.7.0-1.mga3
- 3/core/thunderbird-l10n-24.7.0-1.mga3

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2014-0293: Updated nss, firefox and thunderbird packages fix security vulnerabilities
Date:		Sat, 26 Jul 2014 13:32:25 +0200
Message-ID:		<20140726113226.128A85C684@valstar.mageia.org>