Bug 41329

Summary: nss: Multiple issues (4.1)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED
QA Contact: Arvid Requate <requate>
Severity: normal
Priority: P2
CC: gohmann, walkenhorst
Version: UCS 4.1
Flags: requate: Patch_Available+
Target Milestone: UCS 4.1-3-errata
Hardware: Other
OS: Linux
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on:
Bug Blocks: 39787

Description Arvid Requate univentionstaff 2016-05-23 19:14:34 CEST
Upstream Debian package version 2:3.14.5-1+deb7u6 fixes these issues:

* The sec_asn1d_parse_leaf function improperly restricts access to an unspecified data structure (CVE-2015-7181)

* Heap-based buffer overflow in the ASN.1 decoder (CVE-2015-7182)

* The s_mp_div function in lib/freebl/mpi/mpi.c improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms (CVE-2016-1938)

* Heap-based buffer overflow allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate (CVE-2016-1950)

* Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption (CVE-2016-1978)

* Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding (CVE-2016-1979)
Comment 1 Arvid Requate univentionstaff 2016-06-07 20:19:28 CEST
Upstream Debian package version 2:3.14.5-1+deb7u7 fixes this issue:

A vulnerability has been found in the Mozilla Network Security Service (nss):

CVE-2015-4000

 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is
 enabled on a server but not on a client, does not properly convey
 a DHE_EXPORT choice, which allows man-in-the-middle attackers to
 conduct cipher-downgrade attacks by rewriting a ClientHello with
 DHE replaced by DHE_EXPORT and then rewriting a ServerHello with
 DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

The solution in nss was to not accept bit lengths less than 1024.
This may potentially be a backwards incompatibility issue but such
low bit lengths should not be in use so it was deemed acceptable.
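
The kind of check the fix above describes, as an added example that is not NSS code and not part of the original comment: parse the three length-prefixed fields of a TLS ServerDHParams structure and refuse a `dh_p` shorter than 1024 bits. The function names and the sample parameters are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_DH_PRIME_BITS 1024 /* floor named in the comment above */

/* Bit length of a big-endian unsigned integer; leading zero bytes do not count. */
static size_t be_bit_length(const uint8_t *v, size_t len) {
    while (len > 0 && *v == 0) { v++; len--; }
    if (len == 0) return 0;
    size_t bits = len * 8;
    for (uint8_t top = *v; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Read one TLS opaque<1..2^16-1> field. Returns 0, or -1 if empty or truncated. */
static int read_opaque16(const uint8_t **p, size_t *left, const uint8_t **val, size_t *n) {
    if (*left < 2) return -1;
    *n = ((size_t)(*p)[0] << 8) | (*p)[1];
    if (*n == 0 || *n > *left - 2) return -1;
    *val = *p + 2; *p += 2 + *n; *left -= 2 + *n;
    return 0;
}

/* ServerDHParams = dh_p, dh_g, dh_Ys.
 * Returns 1 if dh_p has at least 1024 bits, 0 if it is shorter, -1 if malformed. */
int check_server_dh_params(const uint8_t *msg, size_t len) {
    const uint8_t *p, *g, *ys;
    size_t p_len, g_len, ys_len;
    if (read_opaque16(&msg, &len, &p, &p_len) || read_opaque16(&msg, &len, &g, &g_len) ||
        read_opaque16(&msg, &len, &ys, &ys_len))
        return -1;
    return be_bit_length(p, p_len) >= MIN_DH_PRIME_BITS ? 1 : 0;
}

/* Constructed sample (not a real prime): plen-byte dh_p with leading byte `top`, g = 2, Ys = 5. */
size_t make_sample(uint8_t *buf, size_t plen, uint8_t top) {
    const uint8_t tail[] = {0, 1, 2, 0, 1, 5};
    buf[0] = (uint8_t)(plen >> 8); buf[1] = (uint8_t)plen;
    memset(buf + 2, 0xFF, plen); buf[2] = top;
    memcpy(buf + 2 + plen, tail, sizeof tail);
    return 2 + plen + sizeof tail;
}

int main(void) {
    uint8_t buf[512];
    printf("512-bit dh_p:  %d\n", check_server_dh_params(buf, make_sample(buf, 64, 0x80)));
    printf("1024-bit dh_p: %d\n", check_server_dh_params(buf, make_sample(buf, 128, 0x80)));
    return 0;
}
```

Measuring the bit length after stripping leading zero bytes matters here: a 128-byte field whose first byte is zero carries a prime of at most 1016 bits and is rejected.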
Comment 2 Arvid Requate univentionstaff 2016-06-27 12:09:03 CEST
Upstream Debian package version 2:3.14.5-1+deb7u8 fixes this additional issue:

* Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. (CVE-2016-2834)
Comment 3 Janek Walkenhorst univentionstaff 2016-08-26 13:04:42 CEST
Tests (i386): OK
Advisory: nss.yaml
Comment 4 Arvid Requate univentionstaff 2016-09-05 17:56:04 CEST
Verified:
* 3.14.5-1+deb7u8 imported and built
* No UCS patches
* Package update Ok (amd64) (tested with univention-java)
* Advisory Ok
Comment 5 Janek Walkenhorst univentionstaff 2016-09-07 18:41:41 CEST
<http://errata.software-univention.de/ucs/4.1/256.html>