[El-errata] ELSA-2015-1981 Critical: Oracle Linux 7 nss, nss-util, and nspr security update

Wed Nov 4 14:54:01 PST 2015

Oracle Linux Security Advisory ELSA-2015-1981

http://linux.oracle.com/errata/ELSA-2015-1981.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
nspr-4.10.8-2.el7_1.i686.rpm
nspr-4.10.8-2.el7_1.x86_64.rpm
nspr-devel-4.10.8-2.el7_1.i686.rpm
nspr-devel-4.10.8-2.el7_1.x86_64.rpm
nss-3.19.1-7.0.1.el7_1.2.i686.rpm
nss-3.19.1-7.0.1.el7_1.2.x86_64.rpm
nss-devel-3.19.1-7.0.1.el7_1.2.i686.rpm
nss-devel-3.19.1-7.0.1.el7_1.2.x86_64.rpm
nss-pkcs11-devel-3.19.1-7.0.1.el7_1.2.i686.rpm
nss-pkcs11-devel-3.19.1-7.0.1.el7_1.2.x86_64.rpm
nss-sysinit-3.19.1-7.0.1.el7_1.2.x86_64.rpm
nss-tools-3.19.1-7.0.1.el7_1.2.x86_64.rpm
nss-util-3.19.1-4.el7_1.i686.rpm
nss-util-3.19.1-4.el7_1.x86_64.rpm
nss-util-devel-3.19.1-4.el7_1.i686.rpm
nss-util-devel-3.19.1-4.el7_1.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/nspr-4.10.8-2.el7_1.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-3.19.1-7.0.1.el7_1.2.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.19.1-4.el7_1.src.rpm

Description of changes:

nspr
[4.10.8-2]
- Resolves: Bug 1269362 - CVE-2015-7183
- nspr: heap-buffer overflow in PL_ARENA_ALLOCATE can lead to crash 
(under ASAN), potential memory corruption

nss
[3.19.1-7.0.1]
- Added nss-vendor.patch to change vendor

[3.19.1-7.el7_2]
- Rebuild against updated NSPR

[3.19.1-7.el7_1.1]
- Rebuild against updated NSPR

[3.19.1-6]
- experimental build

nss-util
[3.19.1-4]
- Resolves: Bug 1269357 - CVE-2015-7182 CVE-2015-7181