Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29969
HistoryOct 28, 2013 - 12:00 a.m.

[ MDVSA-2013:257 ] nss

2013-10-2800:00:00
vulners.com
21
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2013:257
http://www.mandriva.com/en/support/security/

Package : nss
Date : October 23, 2013
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

A vulnerability has been discovered and corrected in mozilla NSS:

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure
that data structures are initialized before read operations, which
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger a decryption failure
(CVE-2013-1739).

The updated mozilla NSS and NSPR packages have been upgraded to the
latest versions where the CVE-2013-1739 flaw has been fixed in NSS.

The rootcerts packages have been upgraded providing the latest root
CA certs from mozilla as of 2013/04/11.

The sqlite3 packages for mes5 have been upgraded to the 3.7.17
version to satisfy the requirements for a future upcoming Firefox 24
ESR advisory.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739

Updated Packages:

Mandriva Enterprise Server 5:
587019df50bb6ef8753566cf2a8cb4de mes5/i586/lemon-3.7.17-0.1mdvmes5.2.i586.rpm
82008150781f6d5f23553b162a753c79 mes5/i586/libnspr4-4.10.1-0.1mdvmes5.2.i586.rpm
9ff3b9941e2fd1dbb0cfa1cd58f09609 mes5/i586/libnspr-devel-4.10.1-0.1mdvmes5.2.i586.rpm
8a8107bad2958256418cb60c4e8062a5 mes5/i586/libnss3-3.15.2-0.1mdvmes5.2.i586.rpm
a7b0f150d386cddbdf4ed8af22f40302 mes5/i586/libnss-devel-3.15.2-0.1mdvmes5.2.i586.rpm
d5a8d29bd68428fba07fdd5f831e34a0 mes5/i586/libnss-static-devel-3.15.2-0.1mdvmes5.2.i586.rpm
57c7a509496c35f378854cba4948c46e mes5/i586/libsqlite3_0-3.7.17-0.1mdvmes5.2.i586.rpm
f02fe8f3d3fb794c2be28b42d3d1089a mes5/i586/libsqlite3-devel-3.7.17-0.1mdvmes5.2.i586.rpm
2faafb664205b424d525bedbdc54392a mes5/i586/libsqlite3-static-devel-3.7.17-0.1mdvmes5.2.i586.rpm
f2682f1c278247418c666a2a8fefb2c8 mes5/i586/nss-3.15.2-0.1mdvmes5.2.i586.rpm
fca6f06e016af9ff9e844d37abfb9601 mes5/i586/nss-doc-3.15.2-0.1mdvmes5.2.i586.rpm
ae326abf0a69ac6ab4bc5ee4550cc19c mes5/i586/rootcerts-20130411.00-1mdvmes5.2.i586.rpm
33ddec006b6c5370bd1b693eb5721b06 mes5/i586/rootcerts-java-20130411.00-1mdvmes5.2.i586.rpm
47601080d70c2a456ca46fd98fa4a8b0 mes5/i586/sqlite3-tcl-3.7.17-0.1mdvmes5.2.i586.rpm
7b8e73e484857f6ad66a1ba2757e1a25 mes5/i586/sqlite3-tools-3.7.17-0.1mdvmes5.2.i586.rpm
384b405ffe3c7ea9bcd7b51aaa6d2835 mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
e433c4a380791da522b2198de6418328 mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
f2760a11ee4ce795f7ff3c143db5f32d mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
1f361abd2225db81b21a359ccd44cd65 mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
1d98b3083fada8ad644f4c51e2b6aa03 mes5/x86_64/lemon-3.7.17-0.1mdvmes5.2.x86_64.rpm
7bf3b9072f8f3a6097f1462176962f02 mes5/x86_64/lib64nspr4-4.10.1-0.1mdvmes5.2.x86_64.rpm
2690833d5e1972b1baa9849dd5a8a96d mes5/x86_64/lib64nspr-devel-4.10.1-0.1mdvmes5.2.x86_64.rpm
3715d923c9fb69dee65b5e23363d62b6 mes5/x86_64/lib64nss3-3.15.2-0.1mdvmes5.2.x86_64.rpm
1c6a20d0612ff100e77ed4bc1f69f15f mes5/x86_64/lib64nss-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
f15d15e29c982e314fb3d48c3e1f6b99 mes5/x86_64/lib64nss-static-devel-3.15.2-0.1mdvmes5.2.x86_64.rpm
55fad65e1cdcaf9351375a8ab8728668 mes5/x86_64/lib64sqlite3_0-3.7.17-0.1mdvmes5.2.x86_64.rpm
a76a8be2ab8412541695bd00b7beea83 mes5/x86_64/lib64sqlite3-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
e8a235871039b91d399b4608f2fbc8ce mes5/x86_64/lib64sqlite3-static-devel-3.7.17-0.1mdvmes5.2.x86_64.rpm
2abb704cc2806c97c534feb14c98d419 mes5/x86_64/nss-3.15.2-0.1mdvmes5.2.x86_64.rpm
70247384c252e09c2033a4651dbe7629 mes5/x86_64/nss-doc-3.15.2-0.1mdvmes5.2.x86_64.rpm
92530d8a7db00374f6b33ad56a4d5b48 mes5/x86_64/rootcerts-20130411.00-1mdvmes5.2.x86_64.rpm
5aeed38e9df38304330331a38c92a6e4 mes5/x86_64/rootcerts-java-20130411.00-1mdvmes5.2.x86_64.rpm
32c192e5eb1e361eb1dfbcd2d73006a1 mes5/x86_64/sqlite3-tcl-3.7.17-0.1mdvmes5.2.x86_64.rpm
366810425a1fd0cf72264d3a2a5c3b5e mes5/x86_64/sqlite3-tools-3.7.17-0.1mdvmes5.2.x86_64.rpm
384b405ffe3c7ea9bcd7b51aaa6d2835 mes5/SRPMS/nspr-4.10.1-0.1mdvmes5.2.src.rpm
e433c4a380791da522b2198de6418328 mes5/SRPMS/nss-3.15.2-0.1mdvmes5.2.src.rpm
f2760a11ee4ce795f7ff3c143db5f32d mes5/SRPMS/rootcerts-20130411.00-1mdvmes5.2.src.rpm
1f361abd2225db81b21a359ccd44cd65 mes5/SRPMS/sqlite3-3.7.17-0.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
f94509f81408f107c495dbe1a10f7c8d mbs1/x86_64/lib64nspr4-4.10.1-1.mbs1.x86_64.rpm
51fe851d5b93eede85715d8141ae386c mbs1/x86_64/lib64nspr-devel-4.10.1-1.mbs1.x86_64.rpm
2fc980b35d3b868850f59a557c9d76dd mbs1/x86_64/lib64nss3-3.15.2-1.mbs1.x86_64.rpm
48491aff7b534d29c456c83a3efd30f8 mbs1/x86_64/lib64nss-devel-3.15.2-1.mbs1.x86_64.rpm
365cb054fc0dda3e09c56477f2359166 mbs1/x86_64/lib64nss-static-devel-3.15.2-1.mbs1.x86_64.rpm
d4942a9a039c245d881641a41fa7639d mbs1/x86_64/nss-3.15.2-1.mbs1.x86_64.rpm
30fd49690e3d78fa976b3acc70bd3a61 mbs1/x86_64/nss-doc-3.15.2-1.mbs1.noarch.rpm
e082d21b5bd53a38be220b4d033b0922 mbs1/x86_64/rootcerts-20130411.00-1.mbs1.x86_64.rpm
54a1661464b62db879a95b8dc14d4662 mbs1/x86_64/rootcerts-java-20130411.00-1.mbs1.x86_64.rpm
d1eb79e5183c02465f20df148da90ed0 mbs1/SRPMS/nspr-4.10.1-1.mbs1.src.rpm
936ddd455f27b802e42b360440fa7514 mbs1/SRPMS/nss-3.15.2-1.mbs1.src.rpm
a2c2fe7591e999e8e1354d2dee1c1dbd mbs1/SRPMS/rootcerts-20130411.00-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSZ3A/mqjQ0CJFipgRAuayAJwOKuFgVWA0AZ2GPFdFHRchHvgvRQCfaxg/
ZYbVRZbcud6QvL0nYKzoPm4=
=EwpK
-----END PGP SIGNATURE-----

Related

nessus 47
cve 1
debian 3
securityvulns 2
prion 1
openvas 27
ubuntucve 1
debiancve 1
veracode 4
ubuntu 3
mozilla 1
oraclelinux 2
amazon 2
centos 2
redhat 3
gentoo 1
mageia 1
suse 1
freebsd 1
oracle 4
nessus
nessus
SuSE 11.2 Security Update : Mozilla NSS (SAT Patch Number 8484)
2013-11-17 00:00:00
Debian DSA-2790-1 : nss - uninitialized memory read
2013-11-04 00:00:00
SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)
2013-11-17 00:00:00
cve
cve
CVE-2013-1739
2013-10-22 22:55:00
debian
debian
[SECURITY] [DSA 2790-1] nss security update
2013-11-02 06:11:39
[SECURITY] [DSA 2790-1] nss security update
2013-11-02 06:11:39
[BSA-091] Security Update for nss
2014-02-09 13:55:55
securityvulns
securityvulns
Mozilla nss uninitialized memory dereference
2013-10-28 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-11-05 00:00:00
prion
prion
Design/Logic Flaw
2013-10-22 22:55:00
openvas
openvas
Debian Security Advisory DSA 2790-1 (nss - uninitialized memory read)
2013-11-02 00:00:00
Debian Security Advisory DSA 2790-1 (nss - uninitialized memory read)
2013-11-02 00:00:00
Ubuntu Update for nss USN-2030-1
2013-11-21 00:00:00
ubuntucve
ubuntucve
CVE-2013-1739
2013-10-16 00:00:00
debiancve
debiancve
CVE-2013-1739
2013-10-22 22:55:00
veracode
veracode
Denial Of Service
2019-01-15 08:52:48
Denial Of Service (DoS)
2019-05-02 05:00:20
Authentication Bypass
2019-05-02 05:00:22
ubuntu
ubuntu
NSS vulnerabilities
2013-11-18 00:00:00
Thunderbird vulnerabilities
2013-10-31 00:00:00
Firefox vulnerabilities
2013-10-29 00:00:00
mozilla
mozilla
Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) — Mozilla
2013-10-29 00:00:00
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
nss, nspr, and nss-util security update
2013-12-12 00:00:00
amazon
amazon
Important: nss
2013-12-17 21:31:00
Important: nspr
2013-12-17 21:31:00
centos
centos
nspr, nss security update
2013-12-13 00:04:31
nspr, nss security update
2013-12-05 17:45:58
redhat
redhat
(RHSA-2013:1829) Important: nss, nspr, and nss-util security update
2013-12-12 00:00:00
(RHSA-2013:1791) Important: nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2014-06-21 00:00:00
mageia
mageia
Updated firefox & related packages fix multiple security vulnerabilities
2013-11-09 22:55:13
suse
suse
Security update for Mozilla Firefox (important)
2013-11-15 03:04:14
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-10-29 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
JSON
Related for SECURITYVULNS:DOC:29969
nessus47cve1debian3securityvulns2prion1openvas27ubuntucve1debiancve1veracode4ubuntu3mozilla1oraclelinux2amazon2centos2redhat3gentoo1mageia1suse1freebsd1oracle4