Описание
Security update for mozilla-nss
This update to mozilla-nss 3.20.2 fixes the following issues:
- CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (boo#952810)
Список пакетов
openSUSE Leap 42.1
libfreebl3-3.20.2-6.1
libfreebl3-32bit-3.20.2-6.1
libsoftokn3-3.20.2-6.1
libsoftokn3-32bit-3.20.2-6.1
mozilla-nss-3.20.2-6.1
mozilla-nss-32bit-3.20.2-6.1
mozilla-nss-certs-3.20.2-6.1
mozilla-nss-certs-32bit-3.20.2-6.1
mozilla-nss-devel-3.20.2-6.1
mozilla-nss-sysinit-3.20.2-6.1
mozilla-nss-sysinit-32bit-3.20.2-6.1
mozilla-nss-tools-3.20.2-6.1
Ссылки
- E-Mail link for openSUSE-SU-2015:2405-1
- SUSE Security Ratings
Описание
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Затронутые продукты
openSUSE Leap 42.1:libfreebl3-3.20.2-6.1
openSUSE Leap 42.1:libfreebl3-32bit-3.20.2-6.1
openSUSE Leap 42.1:libsoftokn3-3.20.2-6.1
openSUSE Leap 42.1:libsoftokn3-32bit-3.20.2-6.1
Ссылки
- CVE-2015-7575
- SUSE Bug 959888
- SUSE Bug 960402
- SUSE Bug 960996
- SUSE Bug 961280
- SUSE Bug 961281
- SUSE Bug 961282
- SUSE Bug 961283
- SUSE Bug 961284
- SUSE Bug 961290
- SUSE Bug 961357
- SUSE Bug 962743
- SUSE Bug 963937
- SUSE Bug 967521
- SUSE Bug 981087