Rapid7 Vulnerability & Exploit Database

ELSA-2012-0973 Moderate: Oracle Linux nss, nss-util, and nspr security, bug fix, and enhancement update

Back to Search

ELSA-2012-0973 Moderate: Oracle Linux nss, nss-util, and nspr security, bug fix, and enhancement update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
07/02/2012
Created
07/25/2018
Added
07/17/2012
Modified
07/04/2017

Description

Oracle Linux Security Advisory ELSA-2012-0973 https://rhn.redhat.com/errata/RHSA-2012-0973.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: nspr-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.i686.rpm nss-3.13.3-6.0.1.el6.i686.rpm nss-devel-3.13.3-6.0.1.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.0.1.el6.i686.rpm nss-sysinit-3.13.3-6.0.1.el6.i686.rpm nss-tools-3.13.3-6.0.1.el6.i686.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.i686.rpm x86_64: nspr-4.9-1.el6.i686.rpm nspr-4.9-1.el6.x86_64.rpm nspr-devel-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.x86_64.rpm nss-3.13.3-6.0.1.el6.i686.rpm nss-3.13.3-6.0.1.el6.x86_64.rpm nss-devel-3.13.3-6.0.1.el6.i686.rpm nss-devel-3.13.3-6.0.1.el6.x86_64.rpm nss-pkcs11-devel-3.13.3-6.0.1.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.0.1.el6.x86_64.rpm nss-sysinit-3.13.3-6.0.1.el6.x86_64.rpm nss-tools-3.13.3-6.0.1.el6.x86_64.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-3.13.3-2.el6.x86_64.rpm nss-util-devel-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/nspr-4.9-1.el6.src.rpm http://oss.oracle.com/ol6/SRPMS-updates/nss-3.13.3-6.0.1.el6.src.rpm http://oss.oracle.com/ol6/SRPMS-updates/nss-util-3.13.3-2.el6.src.rpm Description of changes: nspr [4.9-1] - Resolves: rhbz#799193 - Update to 4.9 nss [3.13.3-6.0.1.el6] - Added nss-vendor.patch to change vendor - Use blank image instead of clean.gif in tar ball [3.13.3-6] - Resolves: #rhbz#805232 PEM module may attempt to free uninitialized pointer [3.13.3-5] - Resolves: rhbz#717913 - [PEM] various flaws detected by Coverity - Require nss-util 3.13.3 [3.13.3-4] - Resolves: rhbz#772628 nss_Init leaks memory [3.13.3-3] - Resolves: rhbz#746632 - pem_CreateObject mem leak on non existing file name - Use completed patch per code review [3.13.3-2] - Resolves: rhbz#746632 - pem_CreateObject mem leak on non existing file name - Resolves: rhbz#768669 - PEM unregistered callback causes SIGSEGV [3.13.3-1] - Update to 3.13.3 - Resolves: rhbz#798539 - Distrust MITM subCAs issued by TrustWave - Remove builtins-nssckbi_1_88_rtm.patch which the rebase obsoletes nss-util [3.13.3-2] - Resolves: rhbz#799192 - Update to 3.13.3 - Update minimum nspr version for Requires and BuildRequires to 4.9 - Fix version/release in changelog to match the Version and Release tags, now 3.13.3-2 [3.13.1-5] - Resolves: rhbz#799192 - Update to 3.13.3

Solution(s)

  • oracle-linux-upgrade-nspr
  • oracle-linux-upgrade-nspr-devel
  • oracle-linux-upgrade-nss
  • oracle-linux-upgrade-nss-devel
  • oracle-linux-upgrade-nss-pkcs11-devel
  • oracle-linux-upgrade-nss-sysinit
  • oracle-linux-upgrade-nss-tools
  • oracle-linux-upgrade-nss-util
  • oracle-linux-upgrade-nss-util-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;