Login
Newsletter
Werbung
Sicherheit: Mangelnde Eingabeprüfung in nss
Aktuelle Meldungen Distributionen
Name: Mangelnde Eingabeprüfung in nss
ID: FEDORA-2014-16530
Distribution: Fedora
Plattformen: Fedora 20
Datum: Do, 8. Januar 2015, 06:14
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569
Applikationen: NSS

Originalnachricht

 
Name        : nss
Product     : Fedora 20
Version     : 3.17.3
Release     : 2.fc20
URL         : http://www.mozilla.org/projects/security/pki/nss/
Summary     : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

-------------------------------------------------------------------------------
-
Update Information:

Update the nss, nss-softokn, and nss-util packages to nss-3.17.3



For more details on the bugs fixed with this release, please see the upstream
 release notes at



https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes


-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Dec 15 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-2
- Resolves: Bug 987189 - nss-tools RPM conflicts with perl-PAR-Packer
- Install pp man page in %{_datadir}/doc/nss-tools/pp.1
- Use %{_mandir} instead of /usr/share/man as more generic
* Sat Dec  6 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.3-1
- Update to nss-3.17.3
- Resolves: Bug 1171012 - nss-3.17.3 is available
- Resolves: Bug 994599 - Enable TLS 1.2 by default
* Mon Oct 13 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.2-1
- Update to nss-3.17.2
* Wed Sep 24 2014 Kai Engert <kaie@redhat.com> - 3.17.1-1
- Update to nss-3.17.1
- Add a mechanism to skip test suite execution during development work
* Fri Aug 22 2014 Elio Maldonado <emaldona@redhat.com> - 3.17.0-1
- Update to nss-3.17.0
* Wed Jul 30 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-2
- Replace expired PayPal test cert with current one to prevent build failure
* Mon Jun 30 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.2-1
- Update to nss-3.16.2
- Remove unwanted source directories at end of %prep so it truly removes them
- Skip the cipher suite already run as part of the nss-softokn build
- Resolves: Bug 1114319 - nss-3.16.2 is available
* Tue May  6 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.1-1
- Update to nss-3.16.1
- Update the iquote patch on account of the rebase
- Improve test error detection in the %section
- Resolves: Bug 1094702 - nss-3.16.1 is available
* Tue Mar 18 2014 Elio Maldonado <emaldona@redhat.com> - 3.16.0-1
- Update to nss-3.16.0
- Cleanup the copying of the tools man pages
- Update the iquote.patch on account of the rebase
* Fri Feb 28 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.5-1
- Update to nss-3.15.5 - Resolves: Bug 1066877
- Pick fix for same files in two packages that can create rpm conflict
- Move cert9.db, key4.db, and pkcs11.txt and their man pages to the main
 package where they rightfully belong
* Sat Feb  8 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-3
- Revert previous change that moved some sysinit manpages
- Restore nss-sysinit manpages tar archives to %files sysinit
- Removing spurious wildcard entry was the only change needed
* Sun Feb  2 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-2
- Selective merge fom master to pick up various fixes
- Update pem sources to latest from nss-pem upstream
- Pick up pem fixes verified on RHEL and applied upstream
- Fix a problem where same files in two rpms created rpm conflict
- All man pages are listed by name so there shouldn't be wildcard inclusion
* Tue Jan  7 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-1
- Update to nss-3.15.4 (hg tag NSS_3_15_4_RTM)
- Resolves: Bug 1049229 - nss-3.15.4 is available
- Resolves: Bug 1054456 - CVE-2013-1740 nss: false start PR_Recv information
 disclosure security issue
- Update pem sources to latest from the interim upstream for pem
- Remove no longer needed patches
- Update pem/rsawrapr.c patch on account of upstream changes to freebl/softoken
- Update iquote.patch on account of upstream changes
* Wed Dec 11 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3.1-1
- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA
 2013-117)
- Resolves: Bug 1040192 - nss-3.15.3.1 is available
* Tue Dec  3 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-2
- Bump the release tag
* Sun Nov 24 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-1
- Update to NSS_3_15_3_RTM
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss:
 various flaws
- Fix option descriptions for setup-nsssysinit manpage
- Fix man page of nss-sysinit wrong path and other flaws
- Document email option for certutil manpage
- Remove unused patches
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1171012 - nss-3.17.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1171012
  [ 2 ] Bug #994599 - nss: should enable TLS 1.2 by default
        https://bugzilla.redhat.com/show_bug.cgi?id=994599
  [ 3 ] Bug #1155306 - Provide sym key derive mechansm as result of encryption
 of message
        https://bugzilla.redhat.com/show_bug.cgi?id=1155306
  [ 4 ] Bug #987189 - nss-tools RPM conflicts with perl-PAR-Packer
        https://bugzilla.redhat.com/show_bug.cgi?id=987189
  [ 5 ] Bug #1174493 - CVE-2014-1569 nss: QuickDER decoder length issue
 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1174493
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use
su -c 'yum update nss' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung