[El-errata] ELSA-2013-1144 Moderate: Oracle Linux 6 nss, nss-util, nss-softokn, and nspr security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Aug 7 17:03:28 PDT 2013 

Oracle Linux Security Advisory ELSA-2013-1144

https://rhn.redhat.com/errata/RHSA-2013-1144.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
nspr-4.9.5-2.el6_4.i686.rpm
nspr-devel-4.9.5-2.el6_4.i686.rpm
nss-3.14.3-4.0.1.el6_4.i686.rpm
nss-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-pkcs11-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-softokn-3.14.3-3.el6_4.i686.rpm
nss-softokn-devel-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm
nss-sysinit-3.14.3-4.0.1.el6_4.i686.rpm
nss-tools-3.14.3-4.0.1.el6_4.i686.rpm
nss-util-3.14.3-3.el6_4.i686.rpm
nss-util-devel-3.14.3-3.el6_4.i686.rpm

x86_64:
nspr-4.9.5-2.el6_4.i686.rpm
nspr-4.9.5-2.el6_4.x86_64.rpm
nspr-devel-4.9.5-2.el6_4.i686.rpm
nspr-devel-4.9.5-2.el6_4.x86_64.rpm
nss-3.14.3-4.0.1.el6_4.i686.rpm
nss-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-devel-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-pkcs11-devel-3.14.3-4.0.1.el6_4.i686.rpm
nss-pkcs11-devel-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-softokn-3.14.3-3.el6_4.i686.rpm
nss-softokn-3.14.3-3.el6_4.x86_64.rpm
nss-softokn-devel-3.14.3-3.el6_4.i686.rpm
nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm
nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm
nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm
nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm
nss-sysinit-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-tools-3.14.3-4.0.1.el6_4.x86_64.rpm
nss-util-3.14.3-3.el6_4.i686.rpm
nss-util-3.14.3-3.el6_4.x86_64.rpm
nss-util-devel-3.14.3-3.el6_4.i686.rpm
nss-util-devel-3.14.3-3.el6_4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/nspr-4.9.5-2.el6_4.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-3.14.3-4.0.1.el6_4.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-softokn-3.14.3-3.el6_4.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/nss-util-3.14.3-3.el6_4.src.rpm



Description of changes:

nspr
[4.9.5-2]
- Update to NSPR_4_9_5_RTM
- Resolves: rhbz#927186 - Rebase to nspr-4.9.5
- Add upstream URL for an existing patch per packaging guidelines

[4.9.5-1]
- Resolves: Rebase to nspr-4.9.5

[4.9.2-1]
- Update to nspr-4.9.2
- Related: rhbz#863286

nss
[3.14.3-4.0.1.el6_4]
- Added nss-vendor.patch to change vendor

[3.14.3-4]
- Revert to accepting MD5 on digital signatures by default
- Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled

[3.14.3-3]
- Ensure pem uses system freebl as with this update freebl brings in new 
API's
- Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the 
lucky-13 issue

[3.14.3-2]
- Install sechash.h and secmodt.h which are now provided by nss-devel
- Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the 
lucky-13 issue
- Remove unsafe -r option from commands that remove headers already 
shipped by nss-util and nss-softoken

[3.14.3-1]
- Update to NSS_3.14.3_RTM
- Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the 
lucky-13 issue
- Update expired test certificates (fixed in upstream bug 852781)
- Sync up pem module's rsawrapr.c with softoken's upstream changes for 
nss-3.14.3
- Reactivate the aia tests

nss-softokn
[3.14.3-3]
- Add patch to conditionally compile according to old or new sqlite api
- new is used on rhel-6 while rhel-5 uses old but we need the same code 
for both
- Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the 
lucky-13 issue

[3.14.3-2]
- Revert to using a code patch for relro support
- Related: rhbz#927158

[3.14.3-1]
- Update to NSS_3_14_3_RTM
- Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the 
lucky-13 issue
- Add export LD_LIBRARY_PATH=//usr/lib before the signing commands in 
__spec_install_post scriplet
to ensure signing tool links with in-tree freebl so verification uses 
same algorithm as in signing
- Add %check section to run the upstream crypto reqression test suite as 
per packaging guidelines
- Don't install sechash.h or secmodt.h which as per 3.14 are provided by 
nss-devel
- Update the licence to MPLv2.0

[3.12.9-12]
- Bootstrapping of the builroot in preparation for rebase to 3.14.3
- Remove hasht.h from the %files devel list to prevent update conflicts 
with nss-util
- With 3.14.3 hasht.h will be provided by nss-util-devel
- Related: rhbz#927158 - rebase nss-softokn to 3.14.3

nss-util
[3.14.3-3]
- Resolves: rhbz#984967 - nssutil_ReadSecmodDB leaks memory

[3.14.3-2]
- Revert to accepting MD5 on digital signatures by default
- Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled

[3.14.3-1]
- Update to NSS_3_14_3_RTM
- Resolves: rhbz#927171 - Rebase to 3.14.3 as part of the fix for the 
lucky-13 issue

More information about the El-errata mailing list