Overview Repositories Revisions Requests Users Attributes Meta
mozilla-nss: Security update to 3.13.1

The Mozilla NSS libraries were updated to version 3.13.1
to fix various bugs and security problems.

Following security issues were fixed:
* SSL 2.0 is disabled by default
* A defense against the SSL 3.0 and TLS 1.0 CBC chosen
plaintext attack demonstrated by Rizzo and Duong
(CVE-2011-3389) is enabled by default. Set the
SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.
bnc#
* SHA-224 is supported
* NSS_NoDB_Init does not try to open /pkcs11.txt and
/secmod.db anymore (bmo#641052, bnc#726096)
(CVE-2011-3640)

Also following bugs were fixed:
* fix spec file syntax for qemu-workaround
* Added a patch to fix errors in the pkcs11n.h header file.
(bmo#702090)
* better SHA-224 support (bmo#647706)
* SHA-224 is supported
* Added PORT_ErrorToString and PORT_ErrorToName to return
the error message and symbolic name of an NSS error code
* Added NSS_GetVersion to return the NSS version string
* Added experimental support of RSA-PSS to the softoken only

Fixed bugs
bnc#726096
VUL-0: mozilla-nss: Did honour /pkcs11.txt and /secmod.db files by initialization
CVE#CVE-2011-3389
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-t
CVE#CVE-2011-3640
** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directo
Selected Binaries
openSUSE Build Service is sponsored by
Places