ID CVE-2016-1978
Summary Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
References
Vulnerable Configurations
  • Mozilla Firefox 43.0.4
    cpe:2.3:a:mozilla:firefox:43.0.4
  • Mozilla Network Security Services 3.20.1
    cpe:2.3:a:mozilla:network_security_services:3.20.1
CVSS
Base: 7.5 (as of 24-06-2016 - 18:52)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0727-1.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89929
    published 2016-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89929
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0727-1)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_44.NASL
    description The version of Firefox installed on the remote Windows host is prior to 44. It is, therefore, affected by the following vulnerabilities : - A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208) - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930, CVE-2016-1931) - An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935) - A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937) - A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with 'mp_div' and 'mp_exptmod'. (CVE-2016-1938) - A cookie injection vulnerability exists due to illegal control characters being permitted in cookie names. A remote attacker can exploit this to inject cookies. (CVE-2016-1939) - An URL spoofing vulnerability exists due to a flaw that is triggered during the handling of a URL that invalid for the internal protocol, causing the URL to be pasted into the address bar. A remote attacker can exploit this spoof URLs, allowing the attacker to trick a user into visiting a malicious website. (CVE-2016-1942) - An unspecified memory corruption issue exists in the ANGLE graphics library implementation. A remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1944) - A wild pointer flaw exists due to improper handling of ZIP files. A remote attacker can exploit this, via a crafted ZIP file, to have an unspecified impact. (CVE-2016-1945) - An integer overflow condition exists in the bundled version of libstagefright due to improper handling of MP4 file metadata. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1946) - A flaw exists in the safe browsing feature due to the Application Reputation service being unreachable. A remote attacker can exploit this to convince a user into downloading a malicious executable without being warned. (CVE-2016-1947) - A use-after-free error exists in Network Security Services (NSS) due to improper handling of failed allocations during DHE and ECDHE handshakes. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-1978)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 88461
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88461
    title Firefox < 44 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0909-1.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90263
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90263
    title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0909-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-480.NASL
    description This security update fixes serious security issues in NSS including arbitrary code execution and remote denial service attacks. For Debian 7 'wheezy', these problems have been fixed in 3.14.5-1+deb7u6. We recommend you upgrade your nss packages as soon as possible. CVE-2015-7181 The sec_asn1d_parse_leaf function improperly restricts access to an unspecified data structure. CVE-2015-7182 Heap-based buffer overflow in the ASN.1 decoder. CVE-2016-1938 The s_mp_div function in lib/freebl/mpi/mpi.c in improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms. CVE-2016-1950 Heap-based buffer overflow allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. CVE-2016-1978 Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. CVE-2016-1979 Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 91242
    published 2016-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91242
    title Debian DLA-480-1 : nss security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201605-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-04-05
    plugin id 91379
    published 2016-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91379
    title GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_44.NASL
    description The version of Firefox installed on the remote Mac OS X host is prior to 44. It is, therefore, affected by the following vulnerabilities : - A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208) - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930, CVE-2016-1931) - An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935) - A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937) - A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with 'mp_div' and 'mp_exptmod'. (CVE-2016-1938) - A cookie injection vulnerability exists due to illegal control characters being permitted in cookie names. A remote attacker can exploit this to inject cookies. (CVE-2016-1939) - An URL spoofing vulnerability exists due to a flaw that is triggered during the handling of a URL that invalid for the internal protocol, causing the URL to be pasted into the address bar. A remote attacker can exploit this spoof URLs, allowing the attacker to trick a user into visiting a malicious website. (CVE-2016-1942) - An unspecified memory corruption issue exists in the ANGLE graphics library implementation. A remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1944) - A wild pointer flaw exists due to improper handling of ZIP files. A remote attacker can exploit this, via a crafted ZIP file, to have an unspecified impact. (CVE-2016-1945) - An integer overflow condition exists in the bundled version of libstagefright due to improper handling of MP4 file metadata. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1946) - A flaw exists in the safe browsing feature due to the Application Reputation service being unreachable. A remote attacker can exploit this to convince a user into downloading a malicious executable without being warned. (CVE-2016-1947) - A use-after-free error exists in Network Security Services (NSS) due to improper handling of failed allocations during DHE and ECDHE handshakes. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-1978)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 88459
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88459
    title Firefox < 44 Multiple Vulnerabilities (Mac OS X)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_750915166F4B405998846727023DC366.NASL
    description Mozilla Foundation reports : Security researcher Hanno Bock reported that calculations with mp_div and mp_exptmod in Network Security Services (NSS) can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to potential cryptographic weaknesses. Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 89766
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89766
    title FreeBSD : NSS -- multiple vulnerabilities (75091516-6f4b-4059-9884-6727023dc366)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0820-1.NASL
    description Mozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-20/CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing MFSA 2016-21/CVE-2016-1958: Displayed page address can be overridden MFSA 2016-23/CVE-2016-1960: Use-after-free in HTML5 string parser MFSA 2016-24/CVE-2016-1961: Use-after-free in SetBody MFSA 2016-25/CVE-2016-1962: Use-after-free when using multiple WebRTC data channels MFSA 2016-27/CVE-2016-1964: Use-after-free during XML transformations MFSA 2016-28/CVE-2016-1965: Addressbar spoofing though history navigation and Location protocol property MFSA 2016-31/CVE-2016-1966: Memory corruption with malicious NPAPI plugin MFSA 2016-34/CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802: Font vulnerabilities in the Graphite 2 library. Mozilla NSPR was updated to version 4.12, fixing following bugs : Added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. Fixed a memory allocation bug related to the PR_*printf functions Exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 Several minor correctness and compatibility fixes. Mozilla NSS was updated to fix security issues : MFSA 2016-15/CVE-2016-1978: Use-after-free in NSS during SSL connections in low memory MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-36/CVE-2016-1979: Use-after-free during processing of DER encoded keys in NSS. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90065
    published 2016-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90065
    title SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0777-1.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. - MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. - MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. - MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. - MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. - MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. - MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes - Enable atomic instructions on mips (bmo#1129878) - Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 89990
    published 2016-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89990
    title SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2973-1.NASL
    description Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Bock discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1978) A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1979). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 91258
    published 2016-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91258
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2973-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3688.NASL
    description Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. - CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). - CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. - CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. - CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. - CVE-2016-1978 Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. - CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. - CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. This update contains further correctness and stability fixes without immediate security impact.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 93871
    published 2016-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93871
    title Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1017.NASL
    description According to the versions of the nss nspr nss-softokn nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.(CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99780
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99780
    title EulerOS 2.0 SP1 : nss nspr nss-softokn nss-util (EulerOS-SA-2016-1017)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0684.NASL
    description An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90721
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90721
    title CentOS 5 : nspr / nss (CESA-2016:0684)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0591.NASL
    description An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90367
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90367
    title CentOS 6 : nspr / nss / nss-util (CESA-2016:0591)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0684.NASL
    description An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90748
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90748
    title RHEL 5 : nss and nspr (RHSA-2016:0684)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0685.NASL
    description From Red Hat Security Advisory 2016:0685 : An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 90746
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90746
    title Oracle Linux 7 : nspr / nss / nss-softokn / nss-util (ELSA-2016-0685)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0684.NASL
    description From Red Hat Security Advisory 2016:0684 : An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 90745
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90745
    title Oracle Linux 5 : nspr / nss (ELSA-2016-0684)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-702.NASL
    description A use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 91240
    published 2016-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91240
    title Amazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0685.NASL
    description An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90749
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90749
    title RHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160405_NSS__NSS_UTIL__AND_NSPR_ON_SL6_X.NASL
    description The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie- Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 90392
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90392
    title Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0685.NASL
    description An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90722
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90722
    title CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2016:0685)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160425_NSS__NSPR__NSS_SOFTOKN__AND_NSS_UTIL_ON_SL7_X.NASL
    description The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Bug Fix(es) : - The nss-softokn package has been updated to be compatible with NSS 3.21.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 90751
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90751
    title Scientific Linux Security Update : nss, nspr, nss-softokn, and nss-util on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0591.NASL
    description From Red Hat Security Advisory 2016:0591 : An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 90383
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90383
    title Oracle Linux 6 : nspr / nss / nss-util (ELSA-2016-0591)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160425_NSS_AND_NSPR_ON_SL5_X.NASL
    description The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie- Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 90752
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90752
    title Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0591.NASL
    description An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90386
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90386
    title RHEL 6 : nss, nss-util, and nspr (RHSA-2016:0591)
redhat via4
advisories
  • rhsa
    id RHSA-2016:0591
  • rhsa
    id RHSA-2016:0684
  • rhsa
    id RHSA-2016:0685
rpms
  • nspr-0:4.11.0-0.1.el6_7
  • nspr-devel-0:4.11.0-0.1.el6_7
  • nss-util-0:3.21.0-0.3.el6_7
  • nss-util-devel-0:3.21.0-0.3.el6_7
  • nss-0:3.21.0-0.3.el6_7
  • nss-devel-0:3.21.0-0.3.el6_7
  • nss-pkcs11-devel-0:3.21.0-0.3.el6_7
  • nss-sysinit-0:3.21.0-0.3.el6_7
  • nss-tools-0:3.21.0-0.3.el6_7
  • nspr-0:4.11.0-1.el5_11
  • nspr-devel-0:4.11.0-1.el5_11
  • nss-0:3.21.0-6.el5_11
  • nss-devel-0:3.21.0-6.el5_11
  • nss-pkcs11-devel-0:3.21.0-6.el5_11
  • nss-tools-0:3.21.0-6.el5_11
  • nspr-0:4.11.0-1.el7_2
  • nspr-devel-0:4.11.0-1.el7_2
  • nss-util-0:3.21.0-2.2.el7_2
  • nss-util-devel-0:3.21.0-2.2.el7_2
  • nss-softokn-0:3.16.2.3-14.2.el7_2
  • nss-softokn-devel-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-devel-0:3.16.2.3-14.2.el7_2
  • nss-0:3.21.0-9.el7_2
  • nss-devel-0:3.21.0-9.el7_2
  • nss-pkcs11-devel-0:3.21.0-9.el7_2
  • nss-sysinit-0:3.21.0-9.el7_2
  • nss-tools-0:3.21.0-9.el7_2
refmap via4
bid
  • 84275
  • 91787
confirm
debian DSA-3688
gentoo GLSA-201605-06
misc https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
sectrack 1035258
suse
  • SUSE-SU-2016:0727
  • SUSE-SU-2016:0777
  • SUSE-SU-2016:0820
  • SUSE-SU-2016:0909
ubuntu USN-2973-1
Last major update 02-12-2016 - 22:24
Published 13-03-2016 - 14:59
Last modified 03-11-2017 - 21:29
Back to Top