[Oraclevm-errata] OVMSA-2015-0145 Critical: Oracle VM 3.3 nss, nss-util, and nspr security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Nov 5 07:09:59 PST 2015


Oracle VM Security Advisory OVMSA-2015-0145

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
nspr-4.10.8-2.el6_7.x86_64.rpm
nss-3.19.1-5.0.1.el6_7.x86_64.rpm
nss-sysinit-3.19.1-5.0.1.el6_7.x86_64.rpm
nss-tools-3.19.1-5.0.1.el6_7.x86_64.rpm
nss-util-3.19.1-2.el6_7.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/nspr-4.10.8-2.el6_7.src.rpm
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/nss-3.19.1-5.0.1.el6_7.src.rpm
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/nss-util-3.19.1-2.el6_7.src.rpm



Description of changes:

nspr
[4.10.8-2]
- Resolves: Bug 1269360 - CVE-2015-7183
- nspr: heap-buffer overflow in PL_ARENA_ALLOCATE can lead to crash 
(under ASAN), potential memory corruption

nss
[3.19.1-5.0.1]
- Added nss-vendor.patch to change vendor

[3.19.1-5]
- Rebuild against updated NSPR

[3.19.1-4]
- Sync up with the rhel-6.6 branch
- Resolves: Bug 1224450

nss-util
[3.19.1-2]
- Resolves: Bug 1269355 - CVE-2015-7182 CVE-2015-7181




More information about the Oraclevm-errata mailing list