ID

VAR-201302-0332

CVE

CVE-2013-1620

TITLE

Mozilla Network Security Services of TLS Vulnerabilities that trigger identity attacks and plain text recovery attacks

DESCRIPTION

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. This vulnerability CVE-2013-0169 And related issues.A third party may be able to trigger identification and plain text recovery attacks through statistical analysis of timing data for crafted packets. Mozilla Network Security Services (NSS) is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Relevant releases VMware ESX 4.1 without patch ESX410-201312001 3. Problem Description a. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234, CVE-2013-2237, CVE-2013-2232 to these issues. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201312401-SG ESX 4.0 ESX patch pending b. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0791 and CVE-2013-1620 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201312403-SG ESX 4.0 ESX patch pending 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESX 4.1 ------- File: ESX410-201312001.zip md5sum: c35763a84db169dd0285442d4129cc18 sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40 http://kb.vmware.com/kb/2061209 ESX410-201312001 contains ESX410-201312401-SG and ESX410-201312403-SG. References --- kernel (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232 --- NSPR and NSS (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620 - ------------------------------------------------------------------------- 6. Change log 2013-12-05 VMSA-2013-0015 Initial security advisory in conjunction with the release of ESX 4.1 patches on 2013-12-05. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2013 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: nss, nss-util, nss-softokn, and nspr security update Advisory ID: RHSA-2013:1144-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1144.html Issue date: 2013-08-07 CVE Names: CVE-2013-0791 CVE-2013-1620 ===================================================================== 1. Summary: Updated nss, nss-util, nss-softokn, and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographic module. It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-1620) An out-of-bounds memory read flaw was found in the way NSS decoded certain certificates. If an application using NSS decoded a malformed certificate, it could cause the application to crash. (CVE-2013-0791) Red Hat would like to thank the Mozilla project for reporting CVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original reporter of CVE-2013-0791. This update also fixes the following bugs: * The RHBA-2013:0445 update (which upgraded NSS to version 3.14) prevented the use of certificates that have an MD5 signature. This caused problems in certain environments. With this update, certificates that have an MD5 signature are once again allowed. To prevent the use of certificates that have an MD5 signature, set the "NSS_HASH_ALG_SUPPORT" environment variable to "-MD5". (BZ#957603) * Previously, the sechash.h header file was missing, preventing certain source RPMs (such as firefox and xulrunner) from building. (BZ#948715) * A memory leak in the nssutil_ReadSecmodDB() function has been fixed. (BZ#984967) In addition, the nss package has been upgraded to upstream version 3.14.3, the nss-util package has been upgraded to upstream version 3.14.3, the nss-softokn package has been upgraded to upstream version 3.14.3, and the nspr package has been upgraded to upstream version 4.9.5. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#927157, BZ#927171, BZ#927158, BZ#927186) Users of NSS, NSPR, nss-util, and nss-softokn are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS, NSPR, nss-util, or nss-softokn must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 908234 - CVE-2013-1620 nss: TLS CBC padding timing attack 927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue [6.4.z] 927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue [6.4.z] 927171 - Rebase to nss-util 3.14.3 as part of the fix for the lucky-13 issue [rhel-6.4.z] 927186 - Rebase to nspr-4.9.5 946947 - CVE-2013-0791 Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40) 984967 - nssutil_ReadSecmodDB() leaks memory [6.4.z] 985955 - nss-softokn: missing partial RELRO [6.4.z] 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm i386: nspr-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nss-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-sysinit-3.14.3-4.el6_4.i686.rpm nss-tools-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm i386: nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm x86_64: nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm x86_64: nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm i386: nspr-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nss-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-sysinit-3.14.3-4.el6_4.i686.rpm nss-tools-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm ppc64: nspr-4.9.5-2.el6_4.ppc.rpm nspr-4.9.5-2.el6_4.ppc64.rpm nspr-debuginfo-4.9.5-2.el6_4.ppc.rpm nspr-debuginfo-4.9.5-2.el6_4.ppc64.rpm nspr-devel-4.9.5-2.el6_4.ppc.rpm nspr-devel-4.9.5-2.el6_4.ppc64.rpm nss-3.14.3-4.el6_4.ppc.rpm nss-3.14.3-4.el6_4.ppc64.rpm nss-debuginfo-3.14.3-4.el6_4.ppc.rpm nss-debuginfo-3.14.3-4.el6_4.ppc64.rpm nss-devel-3.14.3-4.el6_4.ppc.rpm nss-devel-3.14.3-4.el6_4.ppc64.rpm nss-softokn-3.14.3-3.el6_4.ppc.rpm nss-softokn-3.14.3-3.el6_4.ppc64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.ppc.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.ppc64.rpm nss-softokn-devel-3.14.3-3.el6_4.ppc.rpm nss-softokn-devel-3.14.3-3.el6_4.ppc64.rpm nss-softokn-freebl-3.14.3-3.el6_4.ppc.rpm nss-softokn-freebl-3.14.3-3.el6_4.ppc64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.ppc.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.ppc64.rpm nss-sysinit-3.14.3-4.el6_4.ppc64.rpm nss-tools-3.14.3-4.el6_4.ppc64.rpm nss-util-3.14.3-3.el6_4.ppc.rpm nss-util-3.14.3-3.el6_4.ppc64.rpm nss-util-debuginfo-3.14.3-3.el6_4.ppc.rpm nss-util-debuginfo-3.14.3-3.el6_4.ppc64.rpm nss-util-devel-3.14.3-3.el6_4.ppc.rpm nss-util-devel-3.14.3-3.el6_4.ppc64.rpm s390x: nspr-4.9.5-2.el6_4.s390.rpm nspr-4.9.5-2.el6_4.s390x.rpm nspr-debuginfo-4.9.5-2.el6_4.s390.rpm nspr-debuginfo-4.9.5-2.el6_4.s390x.rpm nspr-devel-4.9.5-2.el6_4.s390.rpm nspr-devel-4.9.5-2.el6_4.s390x.rpm nss-3.14.3-4.el6_4.s390.rpm nss-3.14.3-4.el6_4.s390x.rpm nss-debuginfo-3.14.3-4.el6_4.s390.rpm nss-debuginfo-3.14.3-4.el6_4.s390x.rpm nss-devel-3.14.3-4.el6_4.s390.rpm nss-devel-3.14.3-4.el6_4.s390x.rpm nss-softokn-3.14.3-3.el6_4.s390.rpm nss-softokn-3.14.3-3.el6_4.s390x.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.s390.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.s390x.rpm nss-softokn-devel-3.14.3-3.el6_4.s390.rpm nss-softokn-devel-3.14.3-3.el6_4.s390x.rpm nss-softokn-freebl-3.14.3-3.el6_4.s390.rpm nss-softokn-freebl-3.14.3-3.el6_4.s390x.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.s390.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.s390x.rpm nss-sysinit-3.14.3-4.el6_4.s390x.rpm nss-tools-3.14.3-4.el6_4.s390x.rpm nss-util-3.14.3-3.el6_4.s390.rpm nss-util-3.14.3-3.el6_4.s390x.rpm nss-util-debuginfo-3.14.3-3.el6_4.s390.rpm nss-util-debuginfo-3.14.3-3.el6_4.s390x.rpm nss-util-devel-3.14.3-3.el6_4.s390.rpm nss-util-devel-3.14.3-3.el6_4.s390x.rpm x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm i386: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm ppc64: nss-debuginfo-3.14.3-4.el6_4.ppc.rpm nss-debuginfo-3.14.3-4.el6_4.ppc64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.ppc.rpm nss-pkcs11-devel-3.14.3-4.el6_4.ppc64.rpm s390x: nss-debuginfo-3.14.3-4.el6_4.s390.rpm nss-debuginfo-3.14.3-4.el6_4.s390x.rpm nss-pkcs11-devel-3.14.3-4.el6_4.s390.rpm nss-pkcs11-devel-3.14.3-4.el6_4.s390x.rpm x86_64: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm i386: nspr-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nss-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-sysinit-3.14.3-4.el6_4.i686.rpm nss-tools-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm i386: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm x86_64: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0791.html https://www.redhat.com/security/data/cve/CVE-2013-1620.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHBA-2013-0445.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSAo+lXlSAg2UNWIIRAi4kAJ0cXp7GWY8zHYfxviF3R6WB3cOlaACePdnV W7Ph1SnJjPLtEtsqk+XMl68= =LOHk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures: RHEV Hypervisor for RHEL-6 - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state. (CVE-2013-1620) It was found that the fix for CVE-2013-0167 released via RHSA-2013:0907 was incomplete. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. This updated package provides updated components that include fixes for various security issues. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743). The sqlite3 update addresses a crash when using svn commit after export MALLOC_CHECK_=3. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRXs87mqjQ0CJFipgRApRiAKDfmdXjMRCxXRr7W07dZkd5EBbggACgvCFx oo9AI76kr1Dhvb157gF22Cc= =5H/+ -----END PGP SIGNATURE----- . Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nss < 3.15.3 >= 3.15.3 Description =========== Multiple vulnerabilities have been discovered in the Mozilla Network Security Service. Please review the CVE identifiers referenced below for more details about the vulnerabilities. Impact ====== A remote attacker can cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Network Security Service users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.15.3" Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2013-1620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1620 [ 2 ] CVE-2013-1739 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1739 [ 3 ] CVE-2013-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741 [ 4 ] CVE-2013-2566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566 [ 5 ] CVE-2013-5605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605 [ 6 ] CVE-2013-5606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606 [ 7 ] CVE-2013-5607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS