ID CVE-2015-2730
Summary Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 28-12-2016 - 02:59)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1236967
    title CVE-2015-2721 NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment nss is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664008
        • comment nss is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925013
      • AND
        • comment nss-devel is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664006
        • comment nss-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925009
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664002
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925007
      • AND
        • comment nss-tools is earlier than 0:3.19.1-1.el5_11
          oval oval:com.redhat.rhsa:tst:20151664004
        • comment nss-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925011
    rhsa
    id RHSA-2015:1664
    released 2015-08-24
    severity Moderate
    title RHSA-2015:1664: nss security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1236954
    title CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment nss-softokn is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699007
          • comment nss-softokn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364024
        • AND
          • comment nss-softokn-devel is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699005
          • comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364026
        • AND
          • comment nss-softokn-freebl is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699009
          • comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364028
        • AND
          • comment nss-softokn-freebl-devel is earlier than 0:3.14.3-23.el6_7
            oval oval:com.redhat.rhsa:tst:20151699011
          • comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364030
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment nss-softokn is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699017
          • comment nss-softokn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364024
        • AND
          • comment nss-softokn-devel is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699019
          • comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364026
        • AND
          • comment nss-softokn-freebl is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699018
          • comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364028
        • AND
          • comment nss-softokn-freebl-devel is earlier than 0:3.16.2.3-13.el7_1
            oval oval:com.redhat.rhsa:tst:20151699020
          • comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364030
    rhsa
    id RHSA-2015:1699
    released 2015-09-01
    severity Moderate
    title RHSA-2015:1699: nss-softokn security update (Moderate)
rpms
  • nss-0:3.19.1-1.el5_11
  • nss-devel-0:3.19.1-1.el5_11
  • nss-pkcs11-devel-0:3.19.1-1.el5_11
  • nss-tools-0:3.19.1-1.el5_11
  • nss-softokn-0:3.14.3-23.el6_7
  • nss-softokn-devel-0:3.14.3-23.el6_7
  • nss-softokn-freebl-0:3.14.3-23.el6_7
  • nss-softokn-freebl-devel-0:3.14.3-23.el6_7
  • nss-softokn-0:3.16.2.3-13.el7_1
  • nss-softokn-devel-0:3.16.2.3-13.el7_1
  • nss-softokn-freebl-0:3.16.2.3-13.el7_1
  • nss-softokn-freebl-devel-0:3.16.2.3-13.el7_1
refmap via4
bid
  • 75541
  • 83399
confirm
debian DSA-3336
gentoo GLSA-201512-10
sectrack 1032783
suse
  • SUSE-SU-2015:1268
  • SUSE-SU-2015:1269
  • SUSE-SU-2015:1449
  • openSUSE-SU-2015:1229
  • openSUSE-SU-2015:1266
ubuntu
  • USN-2656-1
  • USN-2656-2
  • USN-2672-1
Last major update 28-12-2016 - 02:59
Published 06-07-2015 - 02:01
Back to Top