|
|
ESB-2011.0952 - [SUSE] Mozilla NSS: Provide misleading information - Remote with user interaction |
|
Date: 16 September 2011 Original URL: http://www.auscert.org.au/render.html?cid=1980&it=14852 References: ESB-2011.0886.2 ESB-2011.0891 ESB-2011.0896 ESB-2011.0905 Click here for PGP verifiable version -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.0952
Security update for Mozilla NSS
16 September 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mozilla NSS
Publisher: SUSE
Operating System: SUSE
Impact/Access: Provide Misleading Information -- Remote with User Interaction
Resolution: Patch/Upgrade
Reference: ESB-2011.0886.2
ESB-2011.0891
ESB-2011.0896
ESB-2011.0905
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for Mozilla NSS
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1042-1
Rating: important
References: #714931
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
SLE SDK 10 SP3
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes four new package versions.
Description:
This update updates Mozilla NSS to 3.12.11.
The update marks the compromised DigiNotar Certificate
Authority as untrusted
For more information read:
MFSA 2011-34
<http://www.mozilla.org/security/announce/2011/mfsa2011-34.h
tml>
* update to 3.12.10 o root CA changes o filter certain
bogus certs (bmo#642815) o fix minor memory leaks o other
bugfixes
* update to 3.12.9 o fix minor memory leaks
(bmo#619268) o fix crash in nss_cms_decoder_work_data
(bmo#607058) o fix crash in certutil (bmo#620908) o handle
invalid argument in JPAKE (bmo#609068) o J-PAKE support
(API requirement for Firefox >= 4.0b8)
* replaced expired PayPal test certificate (fixing
testsuite)
* removed DigiNotar root certifiate from trusted db
(bmo#682927)
This update also brings the prerequired Mozilla NSPR to
version 4.8.9.
* update to 4.8.9
* update to 4.8.8 o support IPv6 on Android
(bmo#626866) o use AI_ADDRCONFIG for loopback hostnames
(bmo#614526) o support SDP sockets (bmo#518078) o support
m32r architecture (bmo#635667) o use atomic functions on
ARM (bmo#626309) o some other fixes not affecting the Linux
platform
Indications:
Please install this update.
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]:
mozilla-nspr-4.8.9-1.5.8
mozilla-nspr-devel-4.8.9-1.5.8
mozilla-nss-3.12.11-3.7.1
mozilla-nss-devel-3.12.11-3.7.1
mozilla-nss-tools-3.12.11-3.7.1
mozilla-xulrunner192-1.9.2.22-0.5.1
mozilla-xulrunner192-gnome-1.9.2.22-0.5.1
mozilla-xulrunner192-translations-1.9.2.22-0.5.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 3.6.22]:
MozillaFirefox-3.6.22-0.5.1
MozillaFirefox-translations-3.6.22-0.5.1
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]:
mozilla-nspr-32bit-4.8.9-1.5.8
mozilla-nss-32bit-3.12.11-3.7.1
mozilla-xulrunner192-32bit-1.9.2.22-0.5.1
mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.5.1
mozilla-xulrunner192-translations-32bit-1.9.2.22-0.5.1
- SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.12.11 and 4.8.9]:
mozilla-nspr-x86-4.8.9-1.5.8
mozilla-nss-x86-3.12.11-3.7.1
- SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.12.11 and 4.8.9]:
mozilla-nspr-64bit-4.8.9-1.5.8
mozilla-nss-64bit-3.12.11-3.7.1
- SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]:
mozilla-nspr-4.8.9-1.5.8
mozilla-nspr-devel-4.8.9-1.5.8
mozilla-nss-3.12.11-3.7.1
mozilla-nss-devel-3.12.11-3.7.1
mozilla-nss-tools-3.12.11-3.7.1
mozilla-xulrunner192-1.9.2.22-0.5.1
mozilla-xulrunner192-gnome-1.9.2.22-0.5.1
mozilla-xulrunner192-translations-1.9.2.22-0.5.1
- SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.22]:
MozillaFirefox-3.6.22-0.5.1
MozillaFirefox-translations-3.6.22-0.5.1
- SUSE Linux Enterprise Server 10 SP3 (s390x x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]:
mozilla-nspr-32bit-4.8.9-1.5.8
mozilla-nss-32bit-3.12.11-3.7.1
mozilla-xulrunner192-32bit-1.9.2.22-0.5.1
mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.5.1
mozilla-xulrunner192-translations-32bit-1.9.2.22-0.5.1
- SUSE Linux Enterprise Server 10 SP3 (ia64) [New Version: 3.12.11 and 4.8.9]:
mozilla-nspr-x86-4.8.9-1.5.8
mozilla-nss-x86-3.12.11-3.7.1
- SUSE Linux Enterprise Server 10 SP3 (ppc) [New Version: 3.12.11 and 4.8.9]:
mozilla-nspr-64bit-4.8.9-1.5.8
mozilla-nss-64bit-3.12.11-3.7.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]:
mozilla-nspr-4.8.9-1.5.8
mozilla-nspr-devel-4.8.9-1.5.8
mozilla-nss-3.12.11-3.7.1
mozilla-nss-devel-3.12.11-3.7.1
mozilla-nss-tools-3.12.11-3.7.1
mozilla-xulrunner192-1.9.2.22-0.5.1
mozilla-xulrunner192-gnome-1.9.2.22-0.5.1
mozilla-xulrunner192-translations-1.9.2.22-0.5.1
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]:
mozilla-nspr-32bit-4.8.9-1.5.8
mozilla-nss-32bit-3.12.11-3.7.1
mozilla-xulrunner192-32bit-1.9.2.22-0.5.1
mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.5.1
mozilla-xulrunner192-translations-32bit-1.9.2.22-0.5.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.6.22]:
MozillaFirefox-3.6.22-0.5.1
MozillaFirefox-translations-3.6.22-0.5.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.12.11]:
mozilla-nss-tools-3.12.11-3.7.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x):
MozillaFirefox-branding-upstream-3.6.22-0.5.1
- SLE SDK 10 SP3 (i586 ia64 ppc s390x x86_64) [New Version: 3.12.11]:
mozilla-nss-tools-3.12.11-3.7.1
- SLE SDK 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.22]:
MozillaFirefox-branding-upstream-3.6.22-0.5.1
References:
https://bugzilla.novell.com/714931
http://download.novell.com/patch/finder/?keywords=0cbbd57fe88e0d56f99e55b02c6dd00e
http://download.novell.com/patch/finder/?keywords=0fa2d48df2a14d895b40a98986c979d2
http://download.novell.com/patch/finder/?keywords=60cc7c3ba5950c0ed48767065adcc7ff
http://download.novell.com/patch/finder/?keywords=9ef69b89f3d89e966afa74994c2e541c
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTnKm/O4yVqjM2NGpAQLR9w//Ud6L9YhUkEdYqMTzotGxy4XRdg7o2vuA
BBSEeviscPOM3byOIhP9eUaQSJAHDPEELnlv4FsZZrdVCL66R/g9Ryo1Cu/2/bn9
kU2knB55xN59baxoqLbFSl6csDxQXGJCs7q2dLNlpdmLCCGsCHLzt8xbXvhV/agl
VqVH2IUMpx7FcQlkAMPyvNIAV6qQjYv3CWGj6ENGrMCu+wqSP3bfu7a88yENM8lf
8E/tEjjb4cmqJUqX2x79GgNGNpHdWL1BVf0iLsP07PCGO4DjTMLjAdgC9vKcy5Gq
9Pd1/qWk6AnfLZummdm59JD9k+mvW6HMn8/kjuELzi/OAum8qjZJLL0JpLolqgtL
AVlsniHwge7tKDwL3RVoQafJwTHXlWeWucVgm0ukSWzckulzGyfNhLgwK5qQA8Ux
GtHO4STifX8UVyLcvYFyTTVC9dNPSRDZvDZtcqEGxwSld/ceDVRwUhpX5HwNvqNJ
C1qtG+7oktJx5g3v+qTK5RJbVHtmAnb9vDHFHWDZkY/MbThNCrfwnCbdZtNt9NI0
z9J2xpPjYrxhA4+w/WCa0wUnN/QpSIOGKiHP1XNQDfKQglJv7Mt/RnZPooV73QPv
QRAnNt58CaYiPlq7n8zttVNwvv6/eV0njEvPXOiUR9QSIjaSBTrhgB9r7m0JCwql
ZCvr7ItxVVQ=
=jWHk
-----END PGP SIGNATURE-----
|