Описание
Security update for mozilla-nss
This update contains mozilla-nss 3.19.2.2 and fixes the following security issue:
- CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888)
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
libfreebl3-3.19.2.2-22.1
libfreebl3-32bit-3.19.2.2-22.1
libsoftokn3-3.19.2.2-22.1
libsoftokn3-32bit-3.19.2.2-22.1
mozilla-nss-3.19.2.2-22.1
mozilla-nss-32bit-3.19.2.2-22.1
mozilla-nss-tools-3.19.2.2-22.1
SUSE Linux Enterprise Desktop 11 SP4
libfreebl3-3.19.2.2-22.1
libfreebl3-32bit-3.19.2.2-22.1
libsoftokn3-3.19.2.2-22.1
libsoftokn3-32bit-3.19.2.2-22.1
mozilla-nss-3.19.2.2-22.1
mozilla-nss-32bit-3.19.2.2-22.1
mozilla-nss-tools-3.19.2.2-22.1
SUSE Linux Enterprise Server 11 SP3
libfreebl3-3.19.2.2-22.1
libfreebl3-32bit-3.19.2.2-22.1
libfreebl3-x86-3.19.2.2-22.1
libsoftokn3-3.19.2.2-22.1
libsoftokn3-32bit-3.19.2.2-22.1
libsoftokn3-x86-3.19.2.2-22.1
mozilla-nss-3.19.2.2-22.1
mozilla-nss-32bit-3.19.2.2-22.1
mozilla-nss-tools-3.19.2.2-22.1
mozilla-nss-x86-3.19.2.2-22.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libfreebl3-3.19.2.2-22.1
libfreebl3-32bit-3.19.2.2-22.1
libfreebl3-x86-3.19.2.2-22.1
libsoftokn3-3.19.2.2-22.1
libsoftokn3-32bit-3.19.2.2-22.1
libsoftokn3-x86-3.19.2.2-22.1
mozilla-nss-3.19.2.2-22.1
mozilla-nss-32bit-3.19.2.2-22.1
mozilla-nss-tools-3.19.2.2-22.1
mozilla-nss-x86-3.19.2.2-22.1
SUSE Linux Enterprise Server 11 SP4
libfreebl3-3.19.2.2-22.1
libfreebl3-32bit-3.19.2.2-22.1
libfreebl3-x86-3.19.2.2-22.1
libsoftokn3-3.19.2.2-22.1
libsoftokn3-32bit-3.19.2.2-22.1
libsoftokn3-x86-3.19.2.2-22.1
mozilla-nss-3.19.2.2-22.1
mozilla-nss-32bit-3.19.2.2-22.1
mozilla-nss-tools-3.19.2.2-22.1
mozilla-nss-x86-3.19.2.2-22.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
libfreebl3-3.19.2.2-22.1
libfreebl3-32bit-3.19.2.2-22.1
libfreebl3-x86-3.19.2.2-22.1
libsoftokn3-3.19.2.2-22.1
libsoftokn3-32bit-3.19.2.2-22.1
libsoftokn3-x86-3.19.2.2-22.1
mozilla-nss-3.19.2.2-22.1
mozilla-nss-32bit-3.19.2.2-22.1
mozilla-nss-tools-3.19.2.2-22.1
mozilla-nss-x86-3.19.2.2-22.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libfreebl3-3.19.2.2-22.1
libfreebl3-32bit-3.19.2.2-22.1
libfreebl3-x86-3.19.2.2-22.1
libsoftokn3-3.19.2.2-22.1
libsoftokn3-32bit-3.19.2.2-22.1
libsoftokn3-x86-3.19.2.2-22.1
mozilla-nss-3.19.2.2-22.1
mozilla-nss-32bit-3.19.2.2-22.1
mozilla-nss-tools-3.19.2.2-22.1
mozilla-nss-x86-3.19.2.2-22.1
SUSE Linux Enterprise Software Development Kit 11 SP3
mozilla-nss-devel-3.19.2.2-22.1
SUSE Linux Enterprise Software Development Kit 11 SP4
mozilla-nss-devel-3.19.2.2-22.1
Ссылки
- Link for SUSE-SU-2016:0189-1
- E-Mail link for SUSE-SU-2016:0189-1
- SUSE Security Ratings
- SUSE Bug 959888
- SUSE CVE CVE-2015-7575 page
Описание
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libfreebl3-3.19.2.2-22.1
SUSE Linux Enterprise Desktop 11 SP3:libfreebl3-32bit-3.19.2.2-22.1
SUSE Linux Enterprise Desktop 11 SP3:libsoftokn3-3.19.2.2-22.1
SUSE Linux Enterprise Desktop 11 SP3:libsoftokn3-32bit-3.19.2.2-22.1
Ссылки
- CVE-2015-7575
- SUSE Bug 959888
- SUSE Bug 960402
- SUSE Bug 960996
- SUSE Bug 961280
- SUSE Bug 961281
- SUSE Bug 961282
- SUSE Bug 961283
- SUSE Bug 961284
- SUSE Bug 961290
- SUSE Bug 961357
- SUSE Bug 962743
- SUSE Bug 963937
- SUSE Bug 967521
- SUSE Bug 981087