Synopsis:          Critical: nss and nspr security update
Advisory ID:       SLSA-2014:0916-1
Issue Date:        2014-07-22
CVE Numbers:       CVE-2014-1544
--

A race condition was found in the way NSS verified certain certificates. A
remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)

After installing this update, applications using NSS or NSPR must be
restarted for this update to take effect.
--

SL5
  x86_64
    nspr-4.10.6-1.el5_10.i386.rpm
    nspr-4.10.6-1.el5_10.x86_64.rpm
    nspr-debuginfo-4.10.6-1.el5_10.i386.rpm
    nspr-debuginfo-4.10.6-1.el5_10.x86_64.rpm
    nss-3.15.3-7.el5_10.i386.rpm
    nss-3.15.3-7.el5_10.x86_64.rpm
    nss-debuginfo-3.15.3-7.el5_10.i386.rpm
    nss-debuginfo-3.15.3-7.el5_10.x86_64.rpm
    nss-tools-3.15.3-7.el5_10.x86_64.rpm
    nspr-devel-4.10.6-1.el5_10.i386.rpm
    nspr-devel-4.10.6-1.el5_10.x86_64.rpm
    nss-devel-3.15.3-7.el5_10.i386.rpm
    nss-devel-3.15.3-7.el5_10.x86_64.rpm
    nss-pkcs11-devel-3.15.3-7.el5_10.i386.rpm
    nss-pkcs11-devel-3.15.3-7.el5_10.x86_64.rpm
  i386
    nspr-4.10.6-1.el5_10.i386.rpm
    nspr-debuginfo-4.10.6-1.el5_10.i386.rpm
    nss-3.15.3-7.el5_10.i386.rpm
    nss-debuginfo-3.15.3-7.el5_10.i386.rpm
    nss-tools-3.15.3-7.el5_10.i386.rpm
    nspr-devel-4.10.6-1.el5_10.i386.rpm
    nss-devel-3.15.3-7.el5_10.i386.rpm
    nss-pkcs11-devel-3.15.3-7.el5_10.i386.rpm

- Scientific Linux Development Team