Google security researcher Tavis Ormandy reported a runaway memset in certificate parsing on 64-bit computers leading to a crash by attempting to write 4Gb of nulls.
Upstream patch: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
Release notes: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes
External Reference: http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tavis Ormandy as the original reporter of this issue.
Created nss tracking bugs for this issue:
Affects: fedora-all [bug 1031897]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:1791 https://rhn.redhat.com/errata/RHSA-2013-1791.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1829 https://rhn.redhat.com/errata/RHSA-2013-1829.html
nss-3.15.3-2.fc20, nss-softokn-3.15.3-1.fc20, nss-util-3.15.3-1.fc20, nspr-4.10.2-1.fc20 have been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.