Bug 33281 - nss: Multiple issues (3.2)
nss: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.0
Other Linux
: P3 normal (vote)
: UCS 3.2-6-errata
Assigned To: Arvid Requate
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-12 11:12 CET by Moritz Muehlenhoff
Modified: 2015-08-21 13:14 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2013-11-12 11:12:54 CET
+++ This bug was initially created as a clone of Bug #30634 +++

"Lucky 13" attack on TLS (CVE-2013-0169, CVE-2013-1620)
Comment 1 Moritz Muehlenhoff univentionstaff 2013-11-27 14:59:11 CET
Buffer overflow in parsing the cipher list (CVE-2013-5605)
Incomplete rejection of invalid certificates (CVE-2013-5606)
Denial of service in certificate parsing (CVE-2013-1741)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-01-17 10:53:16 CET
Information disclosure in SSL handshake (CVE-2013-1740)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-03-21 08:50:54 CET
Incorrect wildcard parsing in internationalised domain names (CVE-2014-1492)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-05-02 13:13:05 CEST
(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #30634 +++
> 
> "Lucky 13" attack on TLS (CVE-2013-0169, CVE-2013-1620)

This is only CVE-2013-1620, CVE-2013-0169 is for the general protocol and -1620 for the issue in NSS.
Comment 5 Moritz Muehlenhoff univentionstaff 2014-05-02 13:14:08 CEST
(In reply to Moritz Muehlenhoff from comment #2)
> Information disclosure in SSL handshake (CVE-2013-1740)

This is disabled in the NSS version in UCS 3.x, as such we won't update it.
Comment 6 Moritz Muehlenhoff univentionstaff 2014-05-02 13:19:44 CEST
CVE-2013-5605 was fixed with the update to Squeeze 6.0.9 (Bug 34588). As such only these issues remain open:

"Lucky 13" attack on TLS (CVE-2013-1620)
Buffer overflow in parsing the cipher list (CVE-2013-5605)
Denial of service in certificate parsing (CVE-2013-1741)
Incorrect wildcard parsing in internationalised domain names (CVE-2014-1492)
Comment 7 Moritz Muehlenhoff univentionstaff 2014-06-10 15:54:27 CEST
Race condition in libssl (CVE-2014-1490)
Insecure DH key exchange (CVE-2014-1491)
Comment 8 Moritz Muehlenhoff univentionstaff 2014-07-23 09:53:44 CEST
Use-after-free in certificate handling (CVE-2014-1544)
Comment 9 Moritz Muehlenhoff univentionstaff 2014-12-15 10:25:53 CET
Incorrect parsing of ASN.1 data can result in signature forgery (CVE-2014-1568)
Comment 10 Moritz Muehlenhoff univentionstaff 2014-12-16 15:13:17 CET
ASN.1 DER decoding of lengths is too permissive (CVE-2014-1569)
Comment 11 Arvid Requate univentionstaff 2015-05-06 19:06:06 CEST
Fixed in upstream Debian package version 3.12.8-1+squeeze11:

Denial of service in certificate parsing (CVE-2013-1741)
Buffer overflow in parsing the cipher list (CVE-2013-5605)
Incomplete rejection of invalid certificates (CVE-2013-5606)
Insecure DH key exchange (CVE-2014-1491)
Incorrect wildcard parsing in internationalised domain names (CVE-2014-1492)
Use-after-free in certificate handling (CVE-2014-1544)
Incorrect parsing of ASN.1 data can result in signature forgery (CVE-2014-1568)
ASN.1 DER decoding of lengths is too permissive (CVE-2014-1569)


Classified as "Minor issue" in Debian:
CVE-2013-0169 CVE-2013-1620
CVE-2013-1740 (false start disabled by default, needs to be enabled by clients)

Ignored by Debian:
CVE-2014-1490 (Too complex to backport)
Comment 12 Arvid Requate univentionstaff 2015-08-18 14:43:47 CEST
Already fixed in 3.12.8-1+squeeze7: CVE-2013-5605

Advisory: 2015-08-18-nss.yaml
Comment 13 Janek Walkenhorst univentionstaff 2015-08-19 18:41:41 CEST
Tests: OK
Advisory: OK
Comment 14 Janek Walkenhorst univentionstaff 2015-08-21 13:14:23 CEST
<http://errata.univention.de/ucs/3.2/361.html>