[El-errata] ELSA-2013-1829 Important: Oracle Linux 6 nss, nspr, and nss-util security update

Thu Dec 12 21:37:06 PST 2013

Oracle Linux Security Advisory ELSA-2013-1829

https://rhn.redhat.com/errata/RHSA-2013-1829.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nss-3.15.3-2.0.1.el6_5.i686.rpm
nss-devel-3.15.3-2.0.1.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.0.1.el6_5.i686.rpm
nss-sysinit-3.15.3-2.0.1.el6_5.i686.rpm
nss-tools-3.15.3-2.0.1.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm

x86_64:
nspr-4.10.2-1.el6_5.i686.rpm
nspr-4.10.2-1.el6_5.x86_64.rpm
nspr-devel-4.10.2-1.el6_5.i686.rpm
nspr-devel-4.10.2-1.el6_5.x86_64.rpm
nss-3.15.3-2.0.1.el6_5.i686.rpm
nss-3.15.3-2.0.1.el6_5.x86_64.rpm
nss-devel-3.15.3-2.0.1.el6_5.i686.rpm
nss-devel-3.15.3-2.0.1.el6_5.x86_64.rpm
nss-pkcs11-devel-3.15.3-2.0.1.el6_5.i686.rpm
nss-pkcs11-devel-3.15.3-2.0.1.el6_5.x86_64.rpm
nss-sysinit-3.15.3-2.0.1.el6_5.x86_64.rpm
nss-tools-3.15.3-2.0.1.el6_5.x86_64.rpm
nss-util-3.15.3-1.el6_5.i686.rpm
nss-util-3.15.3-1.el6_5.x86_64.rpm
nss-util-devel-3.15.3-1.el6_5.i686.rpm
nss-util-devel-3.15.3-1.el6_5.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/nspr-4.10.2-1.el6_5.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-3.15.3-2.0.1.el6_5.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-util-3.15.3-1.el6_5.src.rpm

Description of changes:

nspr
[4.10.0-2]
- Rebase to nspr-4.10.2
- Resolves: rhbz#1032485 - CVE-2013-5607 (MFSA 2013-103) Avoid unsigned 
integer wrapping in PL_ArenaAllocate (MFSA 2013-103)

nss
[3.15.3-2.0.1]
- Added nss-vendor.patch to change vendor

[3.15.3-2]
- Enable patch with fix for deadlock in trust domain lock and object lock
- Resolves: Bug 1036477 - deadlock in trust domain lock and object lock
- Disable hw gcm on rhel-5 based build environments where OS lacks support
- Rollback changes to build nss without softokn until Bug 689919 is approved
- Cipher suite was run as part of the nss-softokn build

[3.15.3-1]
- Update to NSS_3_15_3_RTM
- Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741

nss-util
[3.15.3-1]
- Update to NSS_3_15_3_RTM
- Resolves: rhbz#1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741