[El-errata] ELSA-2014-1948 Important: Oracle Linux 7 nss, nss-util, and nss-softokn security, bug fix, and enhancement update

Tue Dec 2 20:42:53 PST 2014

Oracle Linux Security Advisory ELSA-2014-1948

https://rhn.redhat.com/errata/RHSA-2014-1948.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
nss-3.16.2.3-2.0.1.el7_0.i686.rpm
nss-3.16.2.3-2.0.1.el7_0.x86_64.rpm
nss-devel-3.16.2.3-2.0.1.el7_0.i686.rpm
nss-devel-3.16.2.3-2.0.1.el7_0.x86_64.rpm
nss-pkcs11-devel-3.16.2.3-2.0.1.el7_0.i686.rpm
nss-pkcs11-devel-3.16.2.3-2.0.1.el7_0.x86_64.rpm
nss-softokn-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-3.16.2.3-1.el7_0.x86_64.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.i686.rpm
nss-softokn-freebl-devel-3.16.2.3-1.el7_0.x86_64.rpm
nss-sysinit-3.16.2.3-2.0.1.el7_0.x86_64.rpm
nss-tools-3.16.2.3-2.0.1.el7_0.x86_64.rpm
nss-util-3.16.2.3-1.el7_0.i686.rpm
nss-util-3.16.2.3-1.el7_0.x86_64.rpm
nss-util-devel-3.16.2.3-1.el7_0.i686.rpm
nss-util-devel-3.16.2.3-1.el7_0.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/nss-3.16.2.3-2.0.1.el7_0.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-softokn-3.16.2.3-1.el7_0.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.16.2.3-1.el7_0.src.rpm

Description of changes:

nss
[3.16.2.3-2.0.1.el7_0]
- Added nss-vendor.patch to change vendor

[3.16.2.3-2]
- Restore patch for certutil man page
- supply missing options descriptions
- Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3

[3.16.2.3-1]
- Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3
- Support TLS_FALLBACK_SCSV in tstclnt and ssltap

[3.16.2-8]
- Fix crash in stan_GetCERTCertificate
- Resolves: Bug 1139349

nss-softokn
[3.16.2-3]
- Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3

[3.16.2-3]
- Resolves: Bug 1145433 - CVE-2014-1568

[3.16.2-1]
- Update to nss-3.16.2
- Resolves: Bug 1124659 - Rebase RHEL 7.1 to at least NSS-SOFTOKN 3.16.1 
(FF 31)

[3.15.4-2]
- Mass rebuild 2014-01-24

[3.15.3-4]
- Rebase to nss-3.15.4
- Resolves: Bug 1054457 - CVE-2013-1740
- Update softokn splitting script to oparate on the upstream pristine source
- Using the .gz archives directly, not repackaging as .bz2 ones
- Avoid unneeded manual steps that could introduce errors
- Update the iquote and build softoken only patches on account of the rebase

[3.15.3-3]
- Fix to allow level 1 fips mode if the db has no password
- Resolves: Bug 852023 - FIPS mode detection does not work

[3.15.3-2]
- Mass rebuild 2013-12-27

[3.15.3-1]
- Rebase to NSS_3_15_3_RTM
- Related: Bug 1031463 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741

[3.15.2-2]
- Resolves: rhbz#1020395 - Allow Level 1 FIPS mode if the nss db has no 
password

[3.15.2-1]
- Rebase to nss-softoken from nss-3.15.2
- Resolves: rhbz#1012679 - pick up NSS-SOFTOKN 3.15.2 (required for bug 
1012656)

[3.15.1-3]
- Add export NSS_ENABLE_ECC=1 rto the %build and %check sections
- Resolves: rhbz#752980 - [7.0 FEAT] Support ECDSA algorithm in the nss 
packag

[3.15.1-2]
- Remove an obsolete script and adjust the sources numbering accordingly

[3.15.1-1]
- Update to NSS_3_15_1_RTM

[3.15-4]
- Split off nss-softokn from the unstripped nss source tar ball

[3.15-3]
- Update to NSS_3_15_RTM
- Require nspr-4.10 or greater
- Fix patch that selects tests to run

[3.15-0.1.beta.3]
- Reverse the last changes since pk11gcmtest properly belongs to nss

[3.15-0.1.beta.2]
- Add lowhashtest and pk11gcmtest as unsupported tools
- Modify nss-softoken-split script to include them in the split

[3.15-0.1.beta.1]
- Update to NSS_3_15_BETA1
- Update spec file, patches, and helper scrips on account of a shallwer 
source tree

nss-util
[3.16.2.1-1]
- Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3