[El-errata] ELSA-2013-1144 Moderate: Oracle Linux 6 nss, nss-util, nss-softokn, and nspr security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Aug 7 17:03:28 PDT 2013
Oracle Linux Security Advisory ELSA-2013-1144
https://rhn.redhat.com/errata/RHSA-2013-1144.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
nspr-4.9.5-2.el6_4.i686.rpm
nspr-devel-4.9.5-2.el6_4.i686.rpm
nss-3.14.3-4.0.1.el6_4.i686.rpm
nss-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-pkcs11-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-softokn-3.14.3-3.el6_4.i686.rpm
nss-softokn-devel-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm
nss-sysinit-3.14.3-4.0.1.el6_4.i686.rpm
nss-tools-3.14.3-4.0.1.el6_4.i686.rpm
nss-util-3.14.3-3.el6_4.i686.rpm
nss-util-devel-3.14.3-3.el6_4.i686.rpm
x86_64:
nspr-4.9.5-2.el6_4.i686.rpm
nspr-4.9.5-2.el6_4.x86_64.rpm
nspr-devel-4.9.5-2.el6_4.i686.rpm
nspr-devel-4.9.5-2.el6_4.x86_64.rpm
nss-3.14.3-4.0.1.el6_4.i686.rpm
nss-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-devel-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-pkcs11-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-pkcs11-devel-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-softokn-3.14.3-3.el6_4.i686.rpm
nss-softokn-3.14.3-3.el6_4.x86_64.rpm
nss-softokn-devel-3.14.3-3.el6_4.i686.rpm
nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm
nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm
nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm
nss-sysinit-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-tools-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-util-3.14.3-3.el6_4.i686.rpm
nss-util-3.14.3-3.el6_4.x86_64.rpm
nss-util-devel-3.14.3-3.el6_4.i686.rpm
nss-util-devel-3.14.3-3.el6_4.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/nspr-4.9.5-2.el6_4.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-3.14.3-4.0.1.el6_4.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-softokn-3.14.3-3.el6_4.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-util-3.14.3-3.el6_4.src.rpm
Description of changes:
nspr
[4.9.5-2]
- Update to NSPR_4_9_5_RTM
- Resolves: rhbz#927186 - Rebase to nspr-4.9.5
- Add upstream URL for an existing patch per packaging guidelines
[4.9.5-1]
- Resolves: Rebase to nspr-4.9.5
[4.9.2-1]
- Update to nspr-4.9.2
- Related: rhbz#863286
nss
[3.14.3-4.0.1.el6_4]
- Added nss-vendor.patch to change vendor
[3.14.3-4]
- Revert to accepting MD5 on digital signatures by default
- Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled
[3.14.3-3]
- Ensure pem uses system freebl as with this update freebl brings in new
API's
- Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the
lucky-13 issue
[3.14.3-2]
- Install sechash.h and secmodt.h which are now provided by nss-devel
- Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the
lucky-13 issue
- Remove unsafe -r option from commands that remove headers already
shipped by nss-util and nss-softoken
[3.14.3-1]
- Update to NSS_3.14.3_RTM
- Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the
lucky-13 issue
- Update expired test certificates (fixed in upstream bug 852781)
- Sync up pem module's rsawrapr.c with softoken's upstream changes for
nss-3.14.3
- Reactivate the aia tests
nss-softokn
[3.14.3-3]
- Add patch to conditionally compile according to old or new sqlite api
- new is used on rhel-6 while rhel-5 uses old but we need the same code
for both
- Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the
lucky-13 issue
[3.14.3-2]
- Revert to using a code patch for relro support
- Related: rhbz#927158
[3.14.3-1]
- Update to NSS_3_14_3_RTM
- Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the
lucky-13 issue
- Add export LD_LIBRARY_PATH=//usr/lib before the signing commands in
__spec_install_post scriplet
to ensure signing tool links with in-tree freebl so verification uses
same algorithm as in signing
- Add %check section to run the upstream crypto reqression test suite as
per packaging guidelines
- Don't install sechash.h or secmodt.h which as per 3.14 are provided by
nss-devel
- Update the licence to MPLv2.0
[3.12.9-12]
- Bootstrapping of the builroot in preparation for rebase to 3.14.3
- Remove hasht.h from the %files devel list to prevent update conflicts
with nss-util
- With 3.14.3 hasht.h will be provided by nss-util-devel
- Related: rhbz#927158 - rebase nss-softokn to 3.14.3
nss-util
[3.14.3-3]
- Resolves: rhbz#984967 - nssutil_ReadSecmodDB leaks memory
[3.14.3-2]
- Revert to accepting MD5 on digital signatures by default
- Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled
[3.14.3-1]
- Update to NSS_3_14_3_RTM
- Resolves: rhbz#927171 - Rebase to 3.14.3 as part of the fix for the
lucky-13 issue
More information about the El-errata
mailing list