nspr-4.10.8-2.AXS4, nss-util-3.19.1-2.AXS4, nss-3.19.1-5.AXS4

エラータID: AXSA:2015-535:01

Release date: 
Friday, November 6, 2015 - 10:43
Subject: 
nspr-4.10.8-2.AXS4, nss-util-3.19.1-2.AXS4, nss-3.19.1-5.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

nspr
NSPR provides platform independence for non-GUI operating system
facilities. These facilities include threads, thread synchronization,
normal file and network I/O, interval timing and calendar time, basic
memory management (malloc and free) and shared library linking.

nss
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

nss-util
Utilities for Network Security Services and the Softoken module

Security issues fixed with this release:

CVE-2015-7181
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-7182
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-7183
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2015-7181
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CVE-2015-7183
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Additional Info: 

N/A

Download: 

SRPMS
  1. nspr-4.10.8-2.AXS4.src.rpm
    MD5: ad160c1f4a7be8647bcbf5624a49ebb1
    SHA-256: 0a85d45353d32a5d0edaf92e2032b920e731f47ad40a0b06b4c1dda59a7abee6
    Size: 867.16 kB
  2. nss-util-3.19.1-2.AXS4.src.rpm
    MD5: 1dcacd85334c3dd8124981607de5c20f
    SHA-256: b3e9ac96c1055ba86d42f3dd476bd405678a569f0b1f1f58575c82bf05d7d5f1
    Size: 735.03 kB
  3. nss-3.19.1-5.AXS4.src.rpm
    MD5: 0df2c3963d4474b085eca2d3439c6863
    SHA-256: 2d3136edbfc3d61ab962a00a3559ac786c1dcddf51105af9d2e80c538c3857bb
    Size: 5.34 MB

Asianux Server 4 for x86
  1. nspr-4.10.8-2.AXS4.i686.rpm
    MD5: 95059841b70a27201e44e9d78932ef10
    SHA-256: c68fe939f7507a9a67db3c9846ee70c45bac81bcf1f85cb52895c94914458063
    Size: 115.61 kB
  2. nspr-devel-4.10.8-2.AXS4.i686.rpm
    MD5: b9352b97dfbdad76bce39fa51b0985ec
    SHA-256: 4020c1b9e4af3c23d6bce694b47fb3a592cffb45a406aa30ca0983d786072895
    Size: 110.95 kB
  3. nss-util-3.19.1-2.AXS4.i686.rpm
    MD5: cad74be1606e3cd951b34a75076fb441
    SHA-256: 17ff4a46491485043c01d9d0175649e045c94c6c6c37127fdc46e71529402fa7
    Size: 65.45 kB
  4. nss-util-devel-3.19.1-2.AXS4.i686.rpm
    MD5: 481c05c074aad9343717f00842881bda
    SHA-256: 4576e0ec96dd840d90310624bbcfd35fe54636ff7f7bbd9e2ed05a7e15b6e1c0
    Size: 67.59 kB
  5. nss-3.19.1-5.AXS4.i686.rpm
    MD5: 52e2f86e09d51b648a95e0bb38901b80
    SHA-256: c1822f11646f2855dab93147630a258be2491d35e71382414a1422f6b384f12a
    Size: 859.62 kB
  6. nss-devel-3.19.1-5.AXS4.i686.rpm
    MD5: 052b3c73c845b425f7cafd4a74b8db6f
    SHA-256: a6f61921e036d1fb343dac9c17c7aa9249b121d2ec9e798311c33acd81bcd90b
    Size: 202.02 kB
  7. nss-sysinit-3.19.1-5.AXS4.i686.rpm
    MD5: e7b8a6eefa4e7a580818eec490d6681b
    SHA-256: c6edead08d54b3d8ed94826f2b5a2312e4e820f68f6a9b52b54ede2f6e0e4bdb
    Size: 45.22 kB
  8. nss-tools-3.19.1-5.AXS4.i686.rpm
    MD5: 980f2f4d6cdc7c7eec6d4bf2c355a08e
    SHA-256: f8952edbe95d94fd5757004dfcddf84d1eb519a8e5ffddc9a7cad3b4e148b658
    Size: 441.41 kB

Asianux Server 4 for x86_64
  1. nspr-4.10.8-2.AXS4.x86_64.rpm
    MD5: 8ffb322e21f930ec1787eb160d856a1f
    SHA-256: 32b0ba5d41e1d395021b3308ebabb862d0a7d0dc36f7f9d3a2e5a88aff859a41
    Size: 112.56 kB
  2. nspr-devel-4.10.8-2.AXS4.x86_64.rpm
    MD5: d56a7f504340c93b7d2cec26ab0781d5
    SHA-256: 4ada70496afd4ec6a2225ec3b16afd0eaec70c99f9bdefd6f22449956494833b
    Size: 110.54 kB
  3. nspr-4.10.8-2.AXS4.i686.rpm
    MD5: 95059841b70a27201e44e9d78932ef10
    SHA-256: c68fe939f7507a9a67db3c9846ee70c45bac81bcf1f85cb52895c94914458063
    Size: 115.61 kB
  4. nspr-devel-4.10.8-2.AXS4.i686.rpm
    MD5: b9352b97dfbdad76bce39fa51b0985ec
    SHA-256: 4020c1b9e4af3c23d6bce694b47fb3a592cffb45a406aa30ca0983d786072895
    Size: 110.95 kB
  5. nss-util-3.19.1-2.AXS4.x86_64.rpm
    MD5: 62bfe4ae5fc21d0d9ad32e0a57aeba4f
    SHA-256: f1038d324c35ccdd4388dff56552a74ec36ad7b71076c4503d688ee740db630c
    Size: 65.52 kB
  6. nss-util-devel-3.19.1-2.AXS4.x86_64.rpm
    MD5: 352921b0943d682607f6b1d2a391ebb6
    SHA-256: e8ead7d6ba812b7f0515d97a8a8319c2ecea2bf87cd4fbace2f56c24f4f4cc85
    Size: 67.15 kB
  7. nss-util-3.19.1-2.AXS4.i686.rpm
    MD5: cad74be1606e3cd951b34a75076fb441
    SHA-256: 17ff4a46491485043c01d9d0175649e045c94c6c6c37127fdc46e71529402fa7
    Size: 65.45 kB
  8. nss-util-devel-3.19.1-2.AXS4.i686.rpm
    MD5: 481c05c074aad9343717f00842881bda
    SHA-256: 4576e0ec96dd840d90310624bbcfd35fe54636ff7f7bbd9e2ed05a7e15b6e1c0
    Size: 67.59 kB
  9. nss-3.19.1-5.AXS4.x86_64.rpm
    MD5: 62d8770dd87e0e39b7a888fc1bb50f37
    SHA-256: 399eb249b91f610a17f22101ffa552af0110dfbd6a39a507e91b02f8e154e095
    Size: 855.68 kB
  10. nss-devel-3.19.1-5.AXS4.x86_64.rpm
    MD5: 597553bb7f6eeca851cc479e9378dd9b
    SHA-256: 921e9f9396652d370c6fcfd463de01c7dd79e1a01ed42c7848e827cd7c06a1cb
    Size: 200.14 kB
  11. nss-sysinit-3.19.1-5.AXS4.x86_64.rpm
    MD5: d1daa2160f5b48753f4b75d951d548d0
    SHA-256: 0e63390e830a14fcec44bca66fa06c6b4169d425b502b28080508cd34c83ce63
    Size: 44.84 kB
  12. nss-tools-3.19.1-5.AXS4.x86_64.rpm
    MD5: 325e923b65bfa74fb6d29e5832b07174
    SHA-256: 73be6c7261827d3f802471b11559f6db3e7e482a1ef574096844873ef40f7af8
    Size: 432.42 kB
  13. nss-3.19.1-5.AXS4.i686.rpm
    MD5: 52e2f86e09d51b648a95e0bb38901b80
    SHA-256: c1822f11646f2855dab93147630a258be2491d35e71382414a1422f6b384f12a
    Size: 859.62 kB
  14. nss-devel-3.19.1-5.AXS4.i686.rpm
    MD5: 052b3c73c845b425f7cafd4a74b8db6f
    SHA-256: a6f61921e036d1fb343dac9c17c7aa9249b121d2ec9e798311c33acd81bcd90b
    Size: 202.02 kB