Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2015-1185

Опубликовано: 25 июн. 2015
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2015-1185: nss security update (MODERATE)

nss [3.19.1-3.0.1]

  • Added nss-vendor.patch to change vendor

[3.19.1-3]

  • Additional NULL initialization.

[3.19.1-2]

  • Updated the patch to keep old cipher suite order
  • Resolves: Bug 1224449

[3.19.1-1]

  • Rebase to nss-3.19.1
  • Resolves: Bug 1224449

nss-util [3.19.0-1]

  • Rebase to nss-3.19.1
  • Resolves: Bug 1224449

[3.18.0-1]

  • Resolves: - Bug 1205064 - [RHEL6.6] nss-util 3.18 rebase required for firefox 38 ESR

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

nss

3.19.1-3.0.1.el6_6

nss-devel

3.19.1-3.0.1.el6_6

nss-pkcs11-devel

3.19.1-3.0.1.el6_6

nss-sysinit

3.19.1-3.0.1.el6_6

nss-tools

3.19.1-3.0.1.el6_6

nss-util

3.19.1-1.el6_6

nss-util-devel

3.19.1-1.el6_6

Oracle Linux i686

nss

3.19.1-3.0.1.el6_6

nss-devel

3.19.1-3.0.1.el6_6

nss-pkcs11-devel

3.19.1-3.0.1.el6_6

nss-sysinit

3.19.1-3.0.1.el6_6

nss-tools

3.19.1-3.0.1.el6_6

nss-util

3.19.1-1.el6_6

nss-util-devel

3.19.1-1.el6_6

Oracle Linux 7

Oracle Linux x86_64

nss

3.19.1-3.0.1.el7_1

nss-devel

3.19.1-3.0.1.el7_1

nss-pkcs11-devel

3.19.1-3.0.1.el7_1

nss-sysinit

3.19.1-3.0.1.el7_1

nss-tools

3.19.1-3.0.1.el7_1

nss-util

3.19.1-1.el7_1

nss-util-devel

3.19.1-1.el7_1

Связанные CVE

CVE-2015-4000

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2015-4000

CVSS3: 3.7
ubuntu
около 10 лет назад

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

redhat логотип

CVE-2015-4000

CVSS3: 3.7
redhat
около 10 лет назад

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

nvd логотип

CVE-2015-4000

CVSS3: 3.7
nvd
около 10 лет назад

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

debian логотип

CVE-2015-4000

CVSS3: 3.7
debian
около 10 лет назад

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ena ...

suse-cvrf логотип

openSUSE-SU-2016:2267-1

suse-cvrf
почти 9 лет назад

Security update for libtcnative-1-0