Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:1088-1

Опубликовано: 21 апр. 2017
Источник: suse-cvrf

Описание

Security update for mozilla-nss

Mozilla-nss was updated to 3.28.4 to fix the following issues:

Security issues:

  • CVE-2016-9574: Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695)

Non security issues:

  • A rare crash when initializing an SSL socket fails has been fixed (bmo#1342358)
  • Rare crashes in the base 64 decoder and encoder were fixed (bmo#1344380)
  • A carry over bug in the RNG was fixed (bmo#1345089)
  • Fixed hash computation (boo#1030071, bmo#1348767)

This update also contains a rebuild of java-1_8_0-openjdk as the java security provider is very closely tied to the mozilla nss API.

Список пакетов

openSUSE Leap 42.1
java-1_8_0-openjdk-1.8.0.121-10.2.1
java-1_8_0-openjdk-accessibility-1.8.0.121-10.2.1
java-1_8_0-openjdk-demo-1.8.0.121-10.2.1
java-1_8_0-openjdk-devel-1.8.0.121-10.2.1
java-1_8_0-openjdk-headless-1.8.0.121-10.2.1
java-1_8_0-openjdk-javadoc-1.8.0.121-10.2.1
java-1_8_0-openjdk-src-1.8.0.121-10.2.1
libfreebl3-3.28.4-40.3.1
libfreebl3-32bit-3.28.4-40.3.1
libsoftokn3-3.28.4-40.3.1
libsoftokn3-32bit-3.28.4-40.3.1
mozilla-nss-3.28.4-40.3.1
mozilla-nss-32bit-3.28.4-40.3.1
mozilla-nss-certs-3.28.4-40.3.1
mozilla-nss-certs-32bit-3.28.4-40.3.1
mozilla-nss-devel-3.28.4-40.3.1
mozilla-nss-sysinit-3.28.4-40.3.1
mozilla-nss-sysinit-32bit-3.28.4-40.3.1
mozilla-nss-tools-3.28.4-40.3.1
openSUSE Leap 42.2
java-1_8_0-openjdk-1.8.0.121-10.2.1
java-1_8_0-openjdk-accessibility-1.8.0.121-10.2.1
java-1_8_0-openjdk-demo-1.8.0.121-10.2.1
java-1_8_0-openjdk-devel-1.8.0.121-10.2.1
java-1_8_0-openjdk-headless-1.8.0.121-10.2.1
java-1_8_0-openjdk-javadoc-1.8.0.121-10.2.1
java-1_8_0-openjdk-src-1.8.0.121-10.2.1
libfreebl3-3.28.4-40.3.1
libfreebl3-32bit-3.28.4-40.3.1
libsoftokn3-3.28.4-40.3.1
libsoftokn3-32bit-3.28.4-40.3.1
mozilla-nss-3.28.4-40.3.1
mozilla-nss-32bit-3.28.4-40.3.1
mozilla-nss-certs-3.28.4-40.3.1
mozilla-nss-certs-32bit-3.28.4-40.3.1
mozilla-nss-devel-3.28.4-40.3.1
mozilla-nss-sysinit-3.28.4-40.3.1
mozilla-nss-sysinit-32bit-3.28.4-40.3.1
mozilla-nss-tools-3.28.4-40.3.1

Ссылки

Описание

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.

Затронутые продукты
openSUSE Leap 42.1:java-1_8_0-openjdk-1.8.0.121-10.2.1
openSUSE Leap 42.1:java-1_8_0-openjdk-accessibility-1.8.0.121-10.2.1
openSUSE Leap 42.1:java-1_8_0-openjdk-demo-1.8.0.121-10.2.1
openSUSE Leap 42.1:java-1_8_0-openjdk-devel-1.8.0.121-10.2.1
Ссылки