Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-1073

Опубликовано: 18 авг. 2014
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2014-1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (LOW)

nss [3.16.2-2.0.1.el7_0]

  • Added nss-vendor.patch to change vendor

[3.16.2-2]

  • Restore missing options descriptions fix for certutil manpage
  • Document certutil options --dump-ext-val, --extGeneric, and --extSAN
  • Related: Bug 1124659 - Rebase RHEL 7 to at least NSS 3.16.1

[3.16.2-1]

  • Rebase to nss-3.16.2
  • Resolves: Bug 1124659 - Rebase RHEL 7 to at least NSS 3.16.1 (FF 31)
  • Fix test failure detection in the %check section
  • Move removal of unwanted source directories to the end of the %prep section
  • Update various patches on account of the rebase
  • Remove unused patches rendered obsolete by the rebase
  • Fix libssl and test patches that disable ssl2 support
  • Replace expired PayPal test certificate that breaks the build

nss-softokn [3.16.2-1]

  • Update to nss-3.16.2
  • Resolves: Bug 1124659 - Rebase RHEL 7.1 to at least NSS-SOFTOKN 3.16.1 (FF 31)

nss-util [3.16.2-1]

  • Update to nss-3.16.2
  • Resolves: Bug 1124659 - Rebase RHEL-7.0 to at least NSS 3.16.1 (FF 31)

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

nss

3.16.2-2.0.1.el7_0

nss-devel

3.16.2-2.0.1.el7_0

nss-pkcs11-devel

3.16.2-2.0.1.el7_0

nss-softokn

3.16.2-1.el7_0

nss-softokn-devel

3.16.2-1.el7_0

nss-softokn-freebl

3.16.2-1.el7_0

nss-softokn-freebl-devel

3.16.2-1.el7_0

nss-sysinit

3.16.2-2.0.1.el7_0

nss-tools

3.16.2-2.0.1.el7_0

nss-util

3.16.2-1.el7_0

nss-util-devel

3.16.2-1.el7_0

Связанные CVE

CVE-2014-1492

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2014-1492

ubuntu
больше 11 лет назад

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

redhat логотип

CVE-2014-1492

redhat
больше 11 лет назад

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

nvd логотип

CVE-2014-1492

nvd
больше 11 лет назад

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

debian логотип

CVE-2014-1492

debian
больше 11 лет назад

The cert_TestHostName function in lib/certdb/certdb.c in the certifica ...

github логотип

GHSA-fxvw-6w4h-3mx5

github
больше 3 лет назад

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.