[Oraclevm-errata] OVMSA-2014-0014 Important: Oracle VM 3.3 nss security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri Aug 29 10:14:17 PDT 2014


Oracle VM Security Advisory OVMSA-2014-0014

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
nss-3.16.1-4.0.1.el6_5.x86_64.rpm
nss-sysinit-3.16.1-4.0.1.el6_5.x86_64.rpm
nss-tools-3.16.1-4.0.1.el6_5.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/nss-3.16.1-4.0.1.el6_5.src.rpm



Description of changes:

[3.16.1-4.0.1.el6_5]
- Added nss-vendor.patch to change vendor

[3.16.1-4]
- Update some patches on account of the rebase
- Resolves: Bug 1099619

[3.16.1-3]
- Backport nss-3.12.6 upstream fix required by Firefox 31
- Resolves: Bug 1099619

[3.16.1-2]
- Remove two unused patches and apply a needed one that was missed
- Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1

[3.16.1-1]
- Update to nss-3.16.1
- Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1

[3.15.3-6]
- Make pem's derEncodingsMatch function work with encrypted keys
- Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key 
ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL

[3.15.3-5]
- Remove unused patches
- Resolves: Bug 1048713

[3.15.3-4]
- Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key 
ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL

[3.15.3-3]
- Revoke trust in one mis-issued anssi certificate
- Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 
2013-117) [rhel-6.6]

[3.15.3-2]
- Enable patch with fix for deadlock in trust domain lock and object lock
- Resolves: Bug 1036477 - deadlock in trust domain lock and object lock
- Disable hw gcm on rhel-5 based build environments where OS lacks support
- Rollback changes to build nss without softokn until Bug 689919 is approved
- Cipher suite was run as part of the nss-softokn build

[3.15.3-1]
- Update to NSS_3_15_3_RTM
- Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741

[3.15.1-15]
- Using export NSS_DISABLE_HW_GCM=1 to deal with some problematic build 
systems
- Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must 
be /usr/lib64/libnssckbi.so

[3.15.1-14]
- Add s390x and ia64 to the %define multilib_arches list used for 
defining alt_ckbi
- Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must 
be /usr/lib64/libnssckbi.so

[3.15.1-13]
- Add zero default value to DISABLETEST check and fix the TEST_FAILURES 
check and reporting
- Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must 
be kept when modified by NSS
- Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

[3.15.1-12]
- Add a zero default value to the DISABLETEST and TEST_FAILURES checks
- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

[3.15.1-11]
- Fix the test for zero failures in the %check section
- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

[3.15.1-10]
- Restore a mistakenly removed patch
- Resolves: rhbz#961659 - SQL backend does not reload certificates

[3.15.1-9]
- Rebuild for the pem module to link with freebl from 
nss-softokn-3.14.3-6.el6
- Related: rhbz#993441 - NSS needs to conform to new FIPS standard. 
[rhel-6.5.0]
- Related: rhbz#1010224 - NSS 3.15 breaks SSL in OpenLDAP clients

[3.15.1-8]
- Don't require nss-softokn-fips
- Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. 
[rhel-6.5.0]

[3.15.1-7]
- Additional syntax fixes in nss-versus-softoken-test.patch
- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

[3.15.1-6]
- Fix all.sh test for which application was last built by updating 
nss-versus-softoken-test.patch
- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

[3.15.1-5]
- Disable the cipher suite already run as part of the nss-softokn build
- Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. 
[rhel-6.5.0]

[3.15.1-4]
- Require nss-softokn-fips
- Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. 
[rhel-6.5.0]



