Описание
ELSA-2016-0591: nss, nss-util, and nspr security, bug fix, and enhancement update (MODERATE)
nspr [4.11.0-0.1]
- Rebase to NSPR 4.11
nss [3.21.0-0.3.0.1]
- Added nss-vendor.patch to change vendor
[3.21.0-0.3]
- Ensure all ssl.sh tests are executed
[3.21.0-0.2]
- Ensure abi compatibility
[3.21.0-0.1]
- Rebase to NSS-3.21
nss-util [3.21.0-0.3]
- Rebase RHEL 6.7.z to NSS-util 3.21 in preparation for Firefox 45
- Resolves: Bug 1299874
- Update upstream patch for CVE-2016-1950
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
nspr
4.11.0-0.1.el6_7
nspr-devel
4.11.0-0.1.el6_7
nss
3.21.0-0.3.0.1.el6_7
nss-devel
3.21.0-0.3.0.1.el6_7
nss-pkcs11-devel
3.21.0-0.3.0.1.el6_7
nss-sysinit
3.21.0-0.3.0.1.el6_7
nss-tools
3.21.0-0.3.0.1.el6_7
nss-util
3.21.0-0.3.el6_7
nss-util-devel
3.21.0-0.3.el6_7
Oracle Linux i686
nspr
4.11.0-0.1.el6_7
nspr-devel
4.11.0-0.1.el6_7
nss
3.21.0-0.3.0.1.el6_7
nss-devel
3.21.0-0.3.0.1.el6_7
nss-pkcs11-devel
3.21.0-0.3.0.1.el6_7
nss-sysinit
3.21.0-0.3.0.1.el6_7
nss-tools
3.21.0-0.3.0.1.el6_7
nss-util
3.21.0-0.3.el6_7
nss-util-devel
3.21.0-0.3.el6_7
Oracle Linux sparc64
nss
3.21.0-0.3.0.1.el6_7
nss-sysinit
3.21.0-0.3.0.1.el6_7
nss-tools
3.21.0-0.3.0.1.el6_7
Связанные CVE
Связанные уязвимости
ELSA-2016-0685: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update (MODERATE)
ELSA-2016-0684: nss and nspr security, bug fix, and enhancement update (MODERATE)
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.