Patch-ID# 114050-12 Keywords: nspr nss security Synopsis: SunOS 5.9_x86: NSPR 4.1.6 / NSS 3.3.4.5 Date: Aug/24/2004 Install Requirements: None Solaris Release: 9_x86 SunOS Release: 5.9_x86 Unbundled Product: Unbundled Release: Xref: This patch available for sparc as patch 114049 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 4840298 4840300 4840303 4856631 4856633 4884151 4933535 4945089 4964119 4972840 4991529 5004563 5016209 5025584 5069683 Changes incorporated in this version: 5025584 5069683 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: 114046-02 (or newer) Patches required with this patch: Obsoleted by: Files included with this patch: /usr/lib/mps/libnspr4.so /usr/lib/mps/libnss3.so /usr/lib/mps/libnssckbi.so /usr/lib/mps/libplc4.so /usr/lib/mps/libplds4.so /usr/lib/mps/libsmime3.so /usr/lib/mps/libssl3.so Problem Description: 5069683 SSL2 exploitable buffer overflow (from 114050-11) 5025584 - SUNWprx/SUNWtlsx missing SUNW_ISA=sparcv9 due to patch 114049-09 in s9u7_03 (from 114050-10) 5016209 - Crash in DER_UTCTimeToTime with corrupt certificate (from 114050-09) 4991529 - Improve NSS error messages - serviceability issue 5004563 - Web Server crashes when client presents an invalid cert (from 114050-08) 4972840 - Potential DOS target on NSS libraries (from 114050-07) 4964119 Patch 114049-06 not built correctly (from 114050-06) 4933535 - The JSS client certificate callback API allows one to have a successful handshake 4945089 - ASN1 Decoder can suffer denial of service attacks (from 114050-05) 4884151 Tracking bug for mozilla bugs for NSS 3.3.5/NSPR 4.1.5/JSS 3.1.2.4 (from 114050-04) 4856633 Patch 114050-03 missing the 64 bit binaries (from 114050-03) 4856631 Patch 114050-02 not built correctly (from 114050-02) 4840298 IPv6 support on HPUX 11i (Bugzilla 190865) 4840300 PBE code leaks IV (Bugzilla 193380) (from 114050-01) 4840303 _USE_BIG_FDS flag needed on HPUX 11i. This bug can cause NSPR to run out of available file descriptors in the implementation of PR_Poll on HP-UX. (Bugzilla 188439) Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/114050-12 The following example removes a patch from a standalone system: example# patchrm 114050-12 For additional examples please see the appropriate man pages. Special Install Instructions: -------------------- None. README -- Last modified date: Tuesday, August 24, 2004