drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in nss
Name: |
Mehrere Probleme in nss |
|
ID: |
FEDORA-2011-17399 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 15 |
|
Datum: |
So, 22. Januar 2012, 12:43 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389 |
|
Applikationen: |
NSS |
|
Originalnachricht |
Name : nss Product : Fedora 15 Version : 3.13.1 Release : 10.fc15 URL : http://www.mozilla.org/projects/security/pki/nss/ Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
------------------------------------------------------------------------------- - Update Information:
The latest version of Firefox and Thunderbird have the following changes:
* Added Type Inference, significantly improving JavaScript performance
* Added support for querying Do Not Track status via JavaScript
* Added support for font-stretch
* Improved support for text-overflow
* Improved standards support for HTML5, MathML, and CSS
* Fixed several stability issues
* Fixed several security issues
Notable nss changes include:
1. SSL 2.0 is disabled by default.
2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack
demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default.
Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.
3. SHA-224 is supported.
4. Added PORT_ErrorToString and PORT_ErrorToName to return the
error message and symbolic name of an NSS error code.
5. Added NSS_GetVersion to return the NSS version string.
6. Added experimental support of RSA-PSS to the softoken only
(contributed by Hanno Böck, http://rsapss.hboeck.de/).
------------------------------------------------------------------------------- - ChangeLog:
* Fri Jan 6 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.1-10 - Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity - NSS_SSL_CBC_RANDOM_IV set to 0 by default and changed to 1 on user request * Tue Dec 13 2011 elio maldonado <emaldona@redhat.com> - 3.13.1-9 - Revert to using current nss_softokn_version - Patch to deal with lack of sha224 is no longer needed * Tue Dec 13 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-8 - Resolves: Bug 754771 - [PEM] an unregistered callback causes a SIGSEGV * Mon Dec 12 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-7 - Resolves: Bug 750376 - nss 3.13 breaks sssd TLS - Fix how pem is built so that nss-3.13.x works with nss-softokn-3.12.y - Only patch blapitest for the lack of sha224 on system freebl - Completed the patch to make pem link against system freebl * Mon Dec 5 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-6 - Removed unwanted /usr/include/nss3 in front of the normal cflags include path - Removed unnecessary patch dealing with CERTDB_TERMINAL_RECORD, it's visible * Sun Dec 4 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-5 - Statically link the pem module against system freebl found in buildroot - Disabling sha224-related powerup selftest until we update softokn - Disable sha224 and pss tests which nss-softokn 3.12.x doesn't support * Fri Dec 2 2011 Elio Maldonado Batiz <emaldona@redhat.com> - 3.13.1-4 - Rebuild with nss-softokn from 3.12 in the buildroot - Allows the pem module to statically link against 3.12.x freebl - Required for using nss-3.13.x with nss-softokn-3.12.y for a merge inrto rhel git repo - Build will be temprarily placed on buildroot override but not pushed in bodhi * Fri Nov 4 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-2 - Fix broken dependencies by updating the nss-util and nss-softokn versions * Thu Nov 3 2011 Elio Maldonado <emaldona@redhat.com> - 3.13.1-1 - Update to NSS_3_13_1_RTM - Update builtin certs to those from NSSCKBI_1_88_RTM * Sat Oct 15 2011 Elio Maldonado <emaldona@redhat.com> - 3.13-1 - Update to NSS_3_13_RTM * Sat Oct 8 2011 Elio Maldonado <emaldona@redhat.com> - 3.13-0.1.rc0.1 - Update to NSS_3_13_RC0 * Wed Sep 14 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.11-3 - Fix attempt to free initilized pointer (#717338) - Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410) * Tue Sep 6 2011 Kai Engert <kaie@redhat.com> - 3.12.11-2 - Update builtins certs to those from NSSCKBI_1_87_RTM * Tue Aug 9 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.11-1 - Update to NSS_3_12_11_RTM * Sat Jul 23 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-6 - Indicate the provenance of stripped source tarball (#688015) * Mon Jun 27 2011 Michael Schwendt <mschwendt@fedoraproject.org> - 3.12.10-5 - Provide virtual -static package to meet guidelines (#609612). * Fri Jun 10 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-4 - Enable pluggable ecc support (#712556) - Disable the nssdb write-access-on-read-only-dir tests when user is root (#646045) * Fri May 20 2011 Dennis Gilmore <dennis@ausil.us> - 3.12.10-3 - make the testsuite non fatal on arm arches * Tue May 17 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-2 - Fix crmf hard-coded maximum size for wrapped private keys (#703656) * Fri May 6 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-1 - Update to NSS_3_12_10_RTM * Wed Apr 27 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-0.1.beta1 - Update to NSS_3_12_10_BETA1 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update nss' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|