Описание
ELSA-2016-0007: nss security update (MODERATE)
[3.19.1-8.0.1]
- Added nss-vendor.patch to change vendor
[3.19.1-8]
- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol
- Resolves: Bug 1289881
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
nss
3.19.1-19.0.1.el7_2
nss-devel
3.19.1-19.0.1.el7_2
nss-pkcs11-devel
3.19.1-19.0.1.el7_2
nss-sysinit
3.19.1-19.0.1.el7_2
nss-tools
3.19.1-19.0.1.el7_2
Oracle Linux 6
Oracle Linux x86_64
nss
3.19.1-8.0.1.el6_7
nss-devel
3.19.1-8.0.1.el6_7
nss-pkcs11-devel
3.19.1-8.0.1.el6_7
nss-sysinit
3.19.1-8.0.1.el6_7
nss-tools
3.19.1-8.0.1.el6_7
Oracle Linux i686
nss
3.19.1-8.0.1.el6_7
nss-devel
3.19.1-8.0.1.el6_7
nss-pkcs11-devel
3.19.1-8.0.1.el6_7
nss-sysinit
3.19.1-8.0.1.el6_7
nss-tools
3.19.1-8.0.1.el6_7
Связанные CVE
Связанные уязвимости
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozi ...
