Univention Bugzilla – Bug 39787
nss: Multiple issues (4.0)
Last modified: 2016-06-02 06:22:23 CEST
The following security issues have been identified in the Network Security Service (nss): * ASan: use-after-poison in sec_asn1d_parse_leaf function (CVE-2015-7181) * ASN.1 decoder heap overflow when decoding constructed OCTET STRING (CVE-2015-7182)
* MD5 Downgrade in TLS 1.2 Signatures (CVE-2015-7575)
* The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function (CVE-2016-1938)
Not affected by CVE-2015-7575: TLS 1.2 not supported in 3.14, only 3.15.1 and above)
Upstream Debian package version 2:3.14.5-1+deb7u6 fixes these issues: * The sec_asn1d_parse_leaf function improperly restricts access to an unspecified data structure (CVE-2015-7181) * Heap-based buffer overflow in the ASN.1 decoder (CVE-2015-7182) * The s_mp_div function in lib/freebl/mpi/mpi.c in improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms (CVE-2016-1938) * Heap-based buffer overflow allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate (CVE-2016-1950) * Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption (CVE-2016-1978) * Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding (CVE-2016-1979)
UCS 4.0 is out of maintenance. See Depends field for the UCS 4.1 specific bug.
OK
Nothing to release