Mandriva Linux Security Advisory : nss (MDVSA-2013:257)
Medium Nessus Plugin ID 70573
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in mozilla NSS :
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure (CVE-2013-1739).
The updated mozilla NSS and NSPR packages have been upgraded to the latest versions where the CVE-2013-1739 flaw has been fixed in NSS.
The rootcerts packages have been upgraded providing the latest root CA certs from mozilla as of 2013/04/11.
The sqlite3 packages for mes5 have been upgraded to the 3.7.17 version to satisfy the requirements for a future upcoming Firefox 24 ESR advisory.
SolutionUpdate the affected packages.