Mehrere Probleme in nspr
ID: | FEDORA-2011-17399 |
Distribution: | Fedora |
Plattformen: | Fedora 15 |
Datum: | So, 22. Januar 2012, 12:42 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389 |
Applikationen: | NSPR |
Originalnachricht |
|
Name : nspr Product : Fedora 15 Version : 4.8.9 Release : 2.fc15 URL : http://www.mozilla.org/projects/nspr/ Summary : Netscape Portable Runtime Description : NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management (malloc and free) and shared library linking. -------------------------------------------------------------------------------- Update Information: The latest version of Firefox and Thunderbird have the following changes: * Added Type Inference, significantly improving JavaScript performance * Added support for querying Do Not Track status via JavaScript * Added support for font-stretch * Improved support for text-overflow * Improved standards support for HTML5, MathML, and CSS * Fixed several stability issues * Fixed several security issues Notable nss changes include: 1. SSL 2.0 is disabled by default. 2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. 3. SHA-224 is supported. 4. Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code. 5. Added NSS_GetVersion to return the NSS version string. 6. Added experimental support of RSA-PSS to the softoken only (contributed by Hanno Böck, http://rsapss.hboeck.de/). -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 8 2011 Ville Skyttä |