Bug 869827 (CVE-2014-1492)

Summary: VUL-1: CVE-2014-1492: mozilla-nss: 3.16 update fixes a wildcard ipname verification issue
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: meissner, security-team, smash_bz, wolfgang
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/97266/
Whiteboard: maint:released:sle11-sp3:57178 maint:released:sle11-sp1:57176 maint:released:sle11-sp2:57179 maint:released:sle10-sp3:57514 maint:released:sle10-sp3:57516 maint:released:sle10-sp4:57515
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2014-03-24 07:41:39 UTC
via rh bugzilla and mozilla announcement:

https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes

In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. This was not properly implemented in NSS; as a result, it did not handle IDNA domain prefixes according to RFC 6125, section 6.4.3 "Checking of Wildcard Certificates". http://tools.ietf.org/html/rfc6125#section-6.4.3

Upstream patch:

https://hg.mozilla.org/projects/nss/rev/709d4e597979

This issue was fixed in nss-3.16:
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes

https://bugzilla.redhat.com/show_bug.cgi?id=1079851
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492
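The RFC 6125 section 6.4.3 wildcard rules the description refers to, written out as a client-side name check. This is an added example, not NSS's code or the upstream patch; the requirement that at least two labels follow the wildcard is this example's own conservative choice rather than an RFC rule.

```python
"""Wildcard dNSName matching per RFC 6125 section 6.4.3, including the
restriction that the wildcard must not sit inside an IDN label."""


def _labels(name: str) -> list[str]:
    # Lower-case, drop one trailing dot, split into DNS labels.
    return name.lower().rstrip(".").split(".")


def dns_name_matches(presented: str, reference: str) -> bool:
    """True if the certificate's presented dNSName matches the reference
    hostname the client intended to reach.

    RFC 6125 section 6.4.3 rules applied:
      1. a wildcard is honoured only in the left-most label;
      2. a whole-label wildcard matches exactly one label; a partial one
         (baz*.example.net) matches that label with the fixed text kept;
      3. a wildcard embedded in an A-label (xn--...) or a U-label
         (non-ASCII label) is never matched.
    Extra conservative rule (this example's choice, not from the RFC):
    at least two labels must follow the wildcard, so *.com is refused.
    """
    p, r = _labels(presented), _labels(reference)
    if "" in p or "" in r:
        return False  # empty label: malformed name
    if "*" not in presented:
        return p == r  # no wildcard: case-insensitive exact match
    if any("*" in label for label in p[1:]):
        return False  # rule 1: wildcard outside the left-most label
    head, rest = p[0], p[1:]
    if head.count("*") != 1 or len(rest) < 2:
        return False  # one wildcard only, and enough labels after it
    if head.startswith("xn--") or not head.isascii():
        return False  # rule 3: wildcard inside an IDN A-label or U-label
    if len(r) != len(p) or r[1:] != rest:
        return False  # rule 2: the wildcard consumes exactly one label
    prefix, suffix = head.split("*")
    ref_head = r[0]
    # Partial wildcard: fixed prefix and suffix must both fit without overlap.
    return (len(ref_head) >= len(prefix) + len(suffix)
            and ref_head.startswith(prefix)
            and ref_head.endswith(suffix))
```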
Comment 1 Wolfgang Rosenauer 2014-03-24 09:24:31 UTC
NSS 3.16 is in mozilla:Factory with pending request to openSUSE:Factory (also in mozilla).
Should I submit it to maintained dists?
Comment 2 Marcus Meissner 2014-03-24 16:00:10 UTC
Can you enlighten me as to what kind of release 3.16 is? Is it a stable release?
Comment 3 Marcus Meissner 2014-03-24 16:47:07 UTC
Given the certdata update we should update this sometime soon in the future.

I think it will come as a prereq for Firefox 29, right?

We could do it then.
Comment 4 Wolfgang Rosenauer 2014-03-24 18:41:38 UTC
(In reply to comment #2)
> Can you enlighten me as to what kind of release 3.16 is? Is it a stable release?

Yes, it is a stable one. It is named a "minor release" in the release announcement on the mailing list.

(In reply to comment #3)
> Given the certdata update we should update this sometime soon in the future.
> 
> I think it will come as a prereq for Firefox 29, right?
> 
> We could do it then.

Yes, Firefox 29 will require it.
Comment 5 Swamp Workflow Management 2014-03-24 23:00:10 UTC
bugbot adjusting priority
Comment 6 Wolfgang Rosenauer 2014-04-30 07:04:08 UTC
NSS 3.16 is now submitted along with bug 875378
Comment 8 Swamp Workflow Management 2014-05-13 19:53:47 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, libfreebl3-32bit, libfreebl3-64bit, libfreebl3-x86, libsoftokn3, libsoftokn3-32bit, libsoftokn3-64bit, libsoftokn3-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-64bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-64bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 9 Swamp Workflow Management 2014-05-13 23:04:37 UTC
SUSE-SU-2014:0638-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 865539,869827,875378,875803
CVE References: CVE-2014-1518,CVE-2014-1520,CVE-2014-1523,CVE-2014-1524,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-24.5.0esr-0.8.1, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-24.5.0esr-0.8.1, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-24.5.0esr-0.8.1, MozillaFirefox-branding-SLED-24-0.7.36, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-24.5.0esr-0.8.1, MozillaFirefox-branding-SLED-24-0.7.36, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
Comment 10 Swamp Workflow Management 2014-05-15 18:08:56 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, mozilla-nss, mozilla-nss-debuginfo, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 11 Swamp Workflow Management 2014-05-15 20:45:25 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, libfreebl3-32bit, libfreebl3-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Comment 12 Swamp Workflow Management 2014-05-15 20:48:55 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, libfreebl3-32bit, libfreebl3-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64)
SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Comment 13 Swamp Workflow Management 2014-05-16 00:04:40 UTC
SUSE-SU-2014:0638-2: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 865539,869827,875378,875803
CVE References: CVE-2014-1518,CVE-2014-1520,CVE-2014-1523,CVE-2014-1524,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    MozillaFirefox-24.5.0esr-0.3.1, MozillaFirefox-branding-SLED-24-0.4.10.14, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.3.1
Comment 14 Swamp Workflow Management 2014-05-16 00:05:29 UTC
SUSE-SU-2014:0665-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 865539,869827,875378
CVE References: CVE-2014-1492,CVE-2014-1518,CVE-2014-1523,CVE-2014-1524,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    MozillaFirefox-24.5.0esr-0.3.1, MozillaFirefox-branding-SLED-24-0.4.10.14, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.3.1
Comment 15 Swamp Workflow Management 2014-05-28 15:20:27 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-devel, MozillaFirefox-translations, firefox-atk, firefox-atk-32bit, firefox-atk-debuginfo, firefox-atk-devel, firefox-atk-devel-32bit, firefox-atk-doc, firefox-atk-lang, firefox-atk-x86, firefox-cairo, firefox-cairo-32bit, firefox-cairo-debuginfo, firefox-cairo-devel, firefox-cairo-doc, firefox-cairo-x86, firefox-fontconfig, firefox-fontconfig-32bit, firefox-fontconfig-debuginfo, firefox-fontconfig-devel, firefox-fontconfig-x86, firefox-freetype2, firefox-freetype2-32bit, firefox-freetype2-debuginfo, firefox-freetype2-devel, firefox-freetype2-x86, firefox-glib2, firefox-glib2-32bit, firefox-glib2-debuginfo, firefox-glib2-devel, firefox-glib2-doc, firefox-glib2-lang, firefox-glib2-x86, firefox-gtk2, firefox-gtk2-32bit, firefox-gtk2-debuginfo, firefox-gtk2-devel, firefox-gtk2-doc, firefox-gtk2-lang, firefox-gtk2-x86, firefox-libgcc_s1, firefox-libstdc++6, firefox-pango, firefox-pango-32bit, firefox-pango-debuginfo, firefox-pango-devel, firefox-pango-doc, firefox-pango-x86, firefox-pcre, firefox-pcre-32bit, firefox-pcre-debuginfo, firefox-pcre-devel, firefox-pcre-x86, firefox-pixman, firefox-pixman-32bit, firefox-pixman-debuginfo, firefox-pixman-devel, firefox-pixman-x86, mozilla-nspr, mozilla-nspr-32bit, mozilla-nspr-debuginfo, mozilla-nspr-devel, mozilla-nspr-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86, mozilla-xulrunner191, mozilla-xulrunner191-32bit, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-32bit, mozilla-xulrunner191-gnomevfs-x86, mozilla-xulrunner191-translations, mozilla-xulrunner191-translations-32bit, mozilla-xulrunner191-translations-x86, mozilla-xulrunner191-x86, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86, python-xpcom191
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Comment 16 Marcus Meissner 2014-05-28 15:47:12 UTC
released
Comment 17 Swamp Workflow Management 2014-05-28 16:05:00 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-devel, MozillaFirefox-translations, firefox-atk, firefox-atk-32bit, firefox-atk-debuginfo, firefox-atk-devel, firefox-atk-devel-32bit, firefox-atk-doc, firefox-atk-lang, firefox-atk-x86, firefox-cairo, firefox-cairo-32bit, firefox-cairo-debuginfo, firefox-cairo-devel, firefox-cairo-doc, firefox-cairo-x86, firefox-fontconfig, firefox-fontconfig-32bit, firefox-fontconfig-debuginfo, firefox-fontconfig-devel, firefox-fontconfig-x86, firefox-freetype2, firefox-freetype2-32bit, firefox-freetype2-debuginfo, firefox-freetype2-devel, firefox-freetype2-x86, firefox-glib2, firefox-glib2-32bit, firefox-glib2-debuginfo, firefox-glib2-devel, firefox-glib2-doc, firefox-glib2-lang, firefox-glib2-x86, firefox-gtk2, firefox-gtk2-32bit, firefox-gtk2-debuginfo, firefox-gtk2-devel, firefox-gtk2-doc, firefox-gtk2-lang, firefox-gtk2-x86, firefox-libgcc_s1, firefox-libstdc++6, firefox-pango, firefox-pango-32bit, firefox-pango-debuginfo, firefox-pango-devel, firefox-pango-doc, firefox-pango-x86, firefox-pcre, firefox-pcre-32bit, firefox-pcre-debuginfo, firefox-pcre-devel, firefox-pcre-x86, firefox-pixman, firefox-pixman-32bit, firefox-pixman-debuginfo, firefox-pixman-devel, firefox-pixman-x86, mozilla-nspr, mozilla-nspr-32bit, mozilla-nspr-debuginfo, mozilla-nspr-devel, mozilla-nspr-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86, mozilla-xulrunner191, mozilla-xulrunner191-32bit, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-32bit, mozilla-xulrunner191-gnomevfs-x86, mozilla-xulrunner191-translations, mozilla-xulrunner191-translations-32bit, mozilla-xulrunner191-translations-x86, mozilla-xulrunner191-x86, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86, python-xpcom191
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 18 Swamp Workflow Management 2014-05-28 16:46:58 UTC
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-devel, MozillaFirefox-translations, firefox-atk, firefox-atk-32bit, firefox-atk-debuginfo, firefox-atk-devel, firefox-atk-devel-32bit, firefox-atk-doc, firefox-atk-lang, firefox-atk-x86, firefox-cairo, firefox-cairo-32bit, firefox-cairo-debuginfo, firefox-cairo-devel, firefox-cairo-doc, firefox-cairo-x86, firefox-fontconfig, firefox-fontconfig-32bit, firefox-fontconfig-debuginfo, firefox-fontconfig-devel, firefox-fontconfig-x86, firefox-freetype2, firefox-freetype2-32bit, firefox-freetype2-debuginfo, firefox-freetype2-devel, firefox-freetype2-x86, firefox-glib2, firefox-glib2-32bit, firefox-glib2-debuginfo, firefox-glib2-devel, firefox-glib2-doc, firefox-glib2-lang, firefox-glib2-x86, firefox-gtk2, firefox-gtk2-32bit, firefox-gtk2-debuginfo, firefox-gtk2-devel, firefox-gtk2-doc, firefox-gtk2-lang, firefox-gtk2-x86, firefox-libgcc_s1, firefox-libstdc++6, firefox-pango, firefox-pango-32bit, firefox-pango-debuginfo, firefox-pango-devel, firefox-pango-doc, firefox-pango-x86, firefox-pcre, firefox-pcre-32bit, firefox-pcre-debuginfo, firefox-pcre-devel, firefox-pcre-x86, firefox-pixman, firefox-pixman-32bit, firefox-pixman-debuginfo, firefox-pixman-devel, firefox-pixman-x86, mozilla-nspr, mozilla-nspr-32bit, mozilla-nspr-debuginfo, mozilla-nspr-devel, mozilla-nspr-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86, mozilla-xulrunner191, mozilla-xulrunner191-32bit, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-32bit, mozilla-xulrunner191-gnomevfs-x86, mozilla-xulrunner191-translations, mozilla-xulrunner191-translations-32bit, mozilla-xulrunner191-translations-x86, mozilla-xulrunner191-x86, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86, python-xpcom191
Products:
SLE-DEBUGINFO 10-SP4 (i386, s390x, x86_64)
SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Comment 19 Swamp Workflow Management 2014-05-28 19:04:42 UTC
SUSE-SU-2014:0665-2: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 865539,869827,875378
CVE References: CVE-2014-1492,CVE-2014-1518,CVE-2014-1523,CVE-2014-1524,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    MozillaFirefox-24.5.0esr-0.7.2, MozillaFirefox-branding-SLED-24-0.12.1, firefox-atk-1.28.0-0.7.3, firefox-cairo-1.8.0-0.10.2, firefox-fontconfig-2.6.0-0.7.1, firefox-freetype2-2.3.7-0.35.1, firefox-gcc47-4.7.2_20130108-0.22.1, firefox-glib2-2.22.5-0.13.3, firefox-gtk2-2.18.9-0.9.2, firefox-pango-1.26.2-0.9.2, firefox-pcre-7.8-0.8.1, firefox-pixman-0.16.0-0.7.1, mozilla-nspr-4.10.4-0.5.1, mozilla-nss-3.16-0.5.1, mozilla-xulrunner191-1.9.1.19-0.13.3, mozilla-xulrunner192-1.9.2.28-0.13.4
Comment 20 Swamp Workflow Management 2014-05-28 20:05:17 UTC
SUSE-SU-2014:0727-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 869827
CVE References: CVE-2014-1492,CVE-2014-1518,CVE-2014-1523,CVE-2014-1524,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    MozillaFirefox-24.5.0esr-0.7.2, MozillaFirefox-branding-SLED-24-0.12.1, firefox-atk-1.28.0-0.7.3, firefox-cairo-1.8.0-0.10.2, firefox-fontconfig-2.6.0-0.7.1, firefox-freetype2-2.3.7-0.35.1, firefox-gcc47-4.7.2_20130108-0.22.1, firefox-glib2-2.22.5-0.13.3, firefox-gtk2-2.18.9-0.9.2, firefox-pango-1.26.2-0.9.2, firefox-pcre-7.8-0.8.1, firefox-pixman-0.16.0-0.7.1, mozilla-nspr-4.10.4-0.5.1, mozilla-nss-3.16-0.5.1, mozilla-xulrunner191-1.9.1.19-0.13.3, mozilla-xulrunner192-1.9.2.28-0.13.4