10 | | Not found |
| 17 | [ANNOUNCE] NSPR 4.10.10 Release |
| 18 | Kai Engert-4 |
| 19 | |
| 20 | The NSPR 4.10.10 release is now available. The hg tag is |
| 21 | NSPR_4_10_10_RTM. The source tar file can be downloaded from |
| 22 | https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.10/src/ |
| 23 | |
| 24 | Security Advisories |
| 25 | |
| 26 | The following security-relevant bugs have been resolved in NSPR 4.10.10. |
| 27 | Users are encouraged to upgrade immediately. |
| 28 | |
| 29 | - Bug 1205157 (CVE-2015-7183) |
| 30 | |
| 31 | A logic bug in the handling of large allocations would allow |
| 32 | exceptionally large allocations to be reported as successful, without |
| 33 | actually allocating the requested memory. This may allow attackers to |
| 34 | bypass security checks and obtain control of arbitrary memory. |
| 35 | |
| 36 | This issue affects applications that were compiled with or linked |
| 37 | against an affected NSPR version; to resolve this issue, affected |
| 38 | applications must be recompiled with a non-affected NSPR version. |
| 39 | |
| 40 | NSPR 4.10.10 has the following additional bug fixes: |
| 41 | |
| 42 | - Bug 1199867: Fixed a regression that broke 32-bits mips w/ glibc |