SUSE-SU-2016:0149-1

Опубликовано: 18 янв. 2016

Источник: suse-cvrf

Описание

Security update for mozilla-nss

This update contains mozilla-nss 3.19.2.2 and fixes the following security issue:

CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888).

Список пакетов

SUSE Linux Enterprise Desktop 12

libfreebl3-3.19.2.2-32.1

libfreebl3-32bit-3.19.2.2-32.1

libsoftokn3-3.19.2.2-32.1

libsoftokn3-32bit-3.19.2.2-32.1

mozilla-nss-3.19.2.2-32.1

mozilla-nss-32bit-3.19.2.2-32.1

mozilla-nss-certs-3.19.2.2-32.1

mozilla-nss-certs-32bit-3.19.2.2-32.1

mozilla-nss-sysinit-3.19.2.2-32.1

mozilla-nss-sysinit-32bit-3.19.2.2-32.1

mozilla-nss-tools-3.19.2.2-32.1

SUSE Linux Enterprise Desktop 12 SP1

libfreebl3-3.19.2.2-32.1

libfreebl3-32bit-3.19.2.2-32.1

libsoftokn3-3.19.2.2-32.1

libsoftokn3-32bit-3.19.2.2-32.1

mozilla-nss-3.19.2.2-32.1

mozilla-nss-32bit-3.19.2.2-32.1

mozilla-nss-certs-3.19.2.2-32.1

mozilla-nss-certs-32bit-3.19.2.2-32.1

mozilla-nss-sysinit-3.19.2.2-32.1

mozilla-nss-sysinit-32bit-3.19.2.2-32.1

mozilla-nss-tools-3.19.2.2-32.1

SUSE Linux Enterprise Server 12

libfreebl3-3.19.2.2-32.1

libfreebl3-32bit-3.19.2.2-32.1

libfreebl3-hmac-3.19.2.2-32.1

libfreebl3-hmac-32bit-3.19.2.2-32.1

libsoftokn3-3.19.2.2-32.1

libsoftokn3-32bit-3.19.2.2-32.1

libsoftokn3-hmac-3.19.2.2-32.1

libsoftokn3-hmac-32bit-3.19.2.2-32.1

mozilla-nss-3.19.2.2-32.1

mozilla-nss-32bit-3.19.2.2-32.1

mozilla-nss-certs-3.19.2.2-32.1

mozilla-nss-certs-32bit-3.19.2.2-32.1

mozilla-nss-sysinit-3.19.2.2-32.1

mozilla-nss-sysinit-32bit-3.19.2.2-32.1

mozilla-nss-tools-3.19.2.2-32.1

SUSE Linux Enterprise Server 12 SP1

libfreebl3-3.19.2.2-32.1

libfreebl3-32bit-3.19.2.2-32.1

libfreebl3-hmac-3.19.2.2-32.1

libfreebl3-hmac-32bit-3.19.2.2-32.1

libsoftokn3-3.19.2.2-32.1

libsoftokn3-32bit-3.19.2.2-32.1

libsoftokn3-hmac-3.19.2.2-32.1

libsoftokn3-hmac-32bit-3.19.2.2-32.1

mozilla-nss-3.19.2.2-32.1

mozilla-nss-32bit-3.19.2.2-32.1

mozilla-nss-certs-3.19.2.2-32.1

mozilla-nss-certs-32bit-3.19.2.2-32.1

mozilla-nss-sysinit-3.19.2.2-32.1

mozilla-nss-sysinit-32bit-3.19.2.2-32.1

mozilla-nss-tools-3.19.2.2-32.1

SUSE Linux Enterprise Server for SAP Applications 12

libfreebl3-3.19.2.2-32.1

libfreebl3-32bit-3.19.2.2-32.1

libfreebl3-hmac-3.19.2.2-32.1

libfreebl3-hmac-32bit-3.19.2.2-32.1

libsoftokn3-3.19.2.2-32.1

libsoftokn3-32bit-3.19.2.2-32.1

libsoftokn3-hmac-3.19.2.2-32.1

libsoftokn3-hmac-32bit-3.19.2.2-32.1

mozilla-nss-3.19.2.2-32.1

mozilla-nss-32bit-3.19.2.2-32.1

mozilla-nss-certs-3.19.2.2-32.1

mozilla-nss-certs-32bit-3.19.2.2-32.1

mozilla-nss-sysinit-3.19.2.2-32.1

mozilla-nss-sysinit-32bit-3.19.2.2-32.1

mozilla-nss-tools-3.19.2.2-32.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

libfreebl3-3.19.2.2-32.1

libfreebl3-32bit-3.19.2.2-32.1

libfreebl3-hmac-3.19.2.2-32.1

libfreebl3-hmac-32bit-3.19.2.2-32.1

libsoftokn3-3.19.2.2-32.1

libsoftokn3-32bit-3.19.2.2-32.1

libsoftokn3-hmac-3.19.2.2-32.1

libsoftokn3-hmac-32bit-3.19.2.2-32.1

mozilla-nss-3.19.2.2-32.1

mozilla-nss-32bit-3.19.2.2-32.1

mozilla-nss-certs-3.19.2.2-32.1

mozilla-nss-certs-32bit-3.19.2.2-32.1

mozilla-nss-sysinit-3.19.2.2-32.1

mozilla-nss-sysinit-32bit-3.19.2.2-32.1

mozilla-nss-tools-3.19.2.2-32.1

SUSE Linux Enterprise Software Development Kit 12

mozilla-nss-devel-3.19.2.2-32.1

SUSE Linux Enterprise Software Development Kit 12 SP1

mozilla-nss-devel-3.19.2.2-32.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20160149-1/
Link for SUSE-SU-2016:0149-1
https://lists.suse.com/pipermail/sle-security-updates/2016-January/001807.html
E-Mail link for SUSE-SU-2016:0149-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/959888
SUSE Bug 959888
https://www.suse.com/security/cve/CVE-2015-7575/
SUSE CVE CVE-2015-7575 page

Описание

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP1:libfreebl3-3.19.2.2-32.1

SUSE Linux Enterprise Desktop 12 SP1:libfreebl3-32bit-3.19.2.2-32.1

SUSE Linux Enterprise Desktop 12 SP1:libsoftokn3-3.19.2.2-32.1

SUSE Linux Enterprise Desktop 12 SP1:libsoftokn3-32bit-3.19.2.2-32.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-7575.html
CVE-2015-7575
https://bugzilla.suse.com/959888
SUSE Bug 959888
https://bugzilla.suse.com/960402
SUSE Bug 960402
https://bugzilla.suse.com/960996
SUSE Bug 960996
https://bugzilla.suse.com/961280
SUSE Bug 961280
https://bugzilla.suse.com/961281
SUSE Bug 961281
https://bugzilla.suse.com/961282
SUSE Bug 961282
https://bugzilla.suse.com/961283
SUSE Bug 961283
https://bugzilla.suse.com/961284
SUSE Bug 961284
https://bugzilla.suse.com/961290
SUSE Bug 961290
https://bugzilla.suse.com/961357
SUSE Bug 961357
https://bugzilla.suse.com/962743
SUSE Bug 962743
https://bugzilla.suse.com/963937
SUSE Bug 963937
https://bugzilla.suse.com/967521
SUSE Bug 967521
https://bugzilla.suse.com/981087
SUSE Bug 981087

SUSE-SU-2016:0149-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12

SUSE Linux Enterprise Desktop 12 SP1

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Software Development Kit 12 SP1

Ссылки

Уязвимость: CVE-2015-7575

Описание

Затронутые продукты

Ссылки