Patch-ID# 115926-10
Keywords: nspr nss security jss
Synopsis: SunOS 5.9: NSPR 4.1.6 / NSS 3.3.11 / JSS 3.1.4
Date: Aug/09/2004

Install Requirements: None

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product: NSS/JSS/NSPR

Unbundled Release: 3.3.11

Xref: This patch available for i386 as patch 115927

Topic:

Relevant Architectures: sparc

BugId's fixed with this patch: 4877287 4885952 4886464 4888311 4903564 4933535 4945089 4961743 4972840 4991529 5004563 5009031 5011517 5016209 5016498 5044857 5069683 5083437

Changes incorporated in this version: 5083437

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/lib/mps/secv1/64
/usr/lib/mps/secv1/cpu/sparcv8plus/libnspr_flt4.so
/usr/lib/mps/secv1/libfreebl_hybrid_3.so
/usr/lib/mps/secv1/libfreebl_pure32_3.so
/usr/lib/mps/secv1/libjss3.so
/usr/lib/mps/secv1/libnspr4.so
/usr/lib/mps/secv1/libnss3.so
/usr/lib/mps/secv1/libnssckbi.so
/usr/lib/mps/secv1/libplc4.so
/usr/lib/mps/secv1/libplds4.so
/usr/lib/mps/secv1/libsmime3.so
/usr/lib/mps/secv1/libssl3.so
/usr/lib/mps/secv1/sparcv9/libjss3.so
/usr/lib/mps/secv1/sparcv9/libnspr4.so
/usr/lib/mps/secv1/sparcv9/libnss3.so
/usr/lib/mps/secv1/sparcv9/libnssckbi.so
/usr/lib/mps/secv1/sparcv9/libplc4.so
/usr/lib/mps/secv1/sparcv9/libplds4.so
/usr/lib/mps/secv1/sparcv9/libsmime3.so
/usr/lib/mps/secv1/sparcv9/libssl3.so
/usr/sfw/bin/64
/usr/sfw/bin/certutil
/usr/sfw/bin/cmsutil
/usr/sfw/bin/crlutil
/usr/sfw/bin/modutil
/usr/sfw/bin/pk12util
/usr/sfw/bin/signtool
/usr/sfw/bin/signver
/usr/sfw/bin/sparcv9/certutil
/usr/sfw/bin/sparcv9/cmsutil
/usr/sfw/bin/sparcv9/crlutil
/usr/sfw/bin/sparcv9/modutil
/usr/sfw/bin/sparcv9/pk12util
/usr/sfw/bin/sparcv9/signtool
/usr/sfw/bin/sparcv9/signver
/usr/sfw/bin/sparcv9/ssltap
/usr/sfw/bin/ssltap
/usr/share/lib/mps/secv1/jss3.jar
/usr/share/lib/mps/secv1/sparcv9/jss3.jar

Problem Description:

5083437 Regression in JSS asserts breaks SSLSockets in PS 6.1

(from 115926-09)

5069683 SSL2 exploitable buffer overflow
4877287 NSS / JSS : Library crash in SSL Handshaking if certificate has AIAExtension
5044857 null pointer dereference causes crash in CERT_NameToAscii
5009031 Build 0303.5: amadmin based acceptance tests fail with JVM abort on Linux
4961743 Gateway crashes with OOMErrors with AS 7.0 U1/ WS 6.1 and NSS Package 3.3.7

(from 115926-08)

5016209 Crash in DER_UTCTimeToTime with corrupt certificate

(from 115926-07)

5016498 JES 2 Build 8 has incorrect Security 115924 and 115926 patches

(from 115926-06)

5011517 SUNWtlsu tools are missing/corrupt on SPARC and x86 Solaris

(from 115926-05)

4991529 - improve NSS error messages - serviceability issue
5004563 - Web Server crashes when client presents an invalid cert

(from 115926-04)

4972840 - potential DOS target on NSS libraries

(from 115926-03)

4933535 - JSS client certificate callback API allows one to have a successful handshake
4945089 - ASN1 Decoder can suffer denial of service attacks

(from 115926-02)

4888311 CertStore.delete certificate does not work for CA certificate
4886464 SSL Client authentication is not working
4885952 JVM crash occurring during SSLSocket.read()

(from 115926-01)

4903564 Security libraries (3.3.5+) for Orion should install in new location

Patch Installation Instructions:
--------------------------------

Refer to the man pages for instructions on using 'patchadd' and
'patchrm' scripts provided with Solaris. Any other special or
non-generic installation instructions should be described below
as special instructions.

The following example installs a patch to a standalone machine:

        example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

        example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Friday, August 27, 2004