ELSA-2012-0973 Moderate: Oracle Linux nss, nss-util, and nspr security, bug fix, and enhancement update
Description
Oracle Linux Security Advisory ELSA-2012-0973 https://rhn.redhat.com/errata/RHSA-2012-0973.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: nspr-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.i686.rpm nss-3.13.3-6.0.1.el6.i686.rpm nss-devel-3.13.3-6.0.1.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.0.1.el6.i686.rpm nss-sysinit-3.13.3-6.0.1.el6.i686.rpm nss-tools-3.13.3-6.0.1.el6.i686.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.i686.rpm x86_64: nspr-4.9-1.el6.i686.rpm nspr-4.9-1.el6.x86_64.rpm nspr-devel-4.9-1.el6.i686.rpm nspr-devel-4.9-1.el6.x86_64.rpm nss-3.13.3-6.0.1.el6.i686.rpm nss-3.13.3-6.0.1.el6.x86_64.rpm nss-devel-3.13.3-6.0.1.el6.i686.rpm nss-devel-3.13.3-6.0.1.el6.x86_64.rpm nss-pkcs11-devel-3.13.3-6.0.1.el6.i686.rpm nss-pkcs11-devel-3.13.3-6.0.1.el6.x86_64.rpm nss-sysinit-3.13.3-6.0.1.el6.x86_64.rpm nss-tools-3.13.3-6.0.1.el6.x86_64.rpm nss-util-3.13.3-2.el6.i686.rpm nss-util-3.13.3-2.el6.x86_64.rpm nss-util-devel-3.13.3-2.el6.i686.rpm nss-util-devel-3.13.3-2.el6.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/nspr-4.9-1.el6.src.rpm http://oss.oracle.com/ol6/SRPMS-updates/nss-3.13.3-6.0.1.el6.src.rpm http://oss.oracle.com/ol6/SRPMS-updates/nss-util-3.13.3-2.el6.src.rpm Description of changes: nspr [4.9-1] - Resolves: rhbz#799193 - Update to 4.9 nss [3.13.3-6.0.1.el6] - Added nss-vendor.patch to change vendor - Use blank image instead of clean.gif in tar ball [3.13.3-6] - Resolves: #rhbz#805232 PEM module may attempt to free uninitialized pointer [3.13.3-5] - Resolves: rhbz#717913 - [PEM] various flaws detected by Coverity - Require nss-util 3.13.3 [3.13.3-4] - Resolves: rhbz#772628 nss_Init leaks memory [3.13.3-3] - Resolves: rhbz#746632 - pem_CreateObject mem leak on non existing file name - Use completed patch per code review [3.13.3-2] - Resolves: rhbz#746632 - pem_CreateObject mem leak on non existing file name - Resolves: rhbz#768669 - PEM unregistered callback causes SIGSEGV [3.13.3-1] - Update to 3.13.3 - Resolves: rhbz#798539 - Distrust MITM subCAs issued by TrustWave - Remove builtins-nssckbi_1_88_rtm.patch which the rebase obsoletes nss-util [3.13.3-2] - Resolves: rhbz#799192 - Update to 3.13.3 - Update minimum nspr version for Requires and BuildRequires to 4.9 - Fix version/release in changelog to match the Version and Release tags, now 3.13.3-2 [3.13.1-5] - Resolves: rhbz#799192 - Update to 3.13.3
Solution(s)
- oracle-linux-upgrade-nspr
- oracle-linux-upgrade-nspr-devel
- oracle-linux-upgrade-nss
- oracle-linux-upgrade-nss-devel
- oracle-linux-upgrade-nss-pkcs11-devel
- oracle-linux-upgrade-nss-sysinit
- oracle-linux-upgrade-nss-tools
- oracle-linux-upgrade-nss-util
- oracle-linux-upgrade-nss-util-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center