Univention Bugzilla – Bug 33281
nss: Multiple issues (3.2)
Last modified: 2015-08-21 13:14:23 CEST
+++ This bug was initially created as a clone of Bug #30634 +++ "Lucky 13" attack on TLS (CVE-2013-0169, CVE-2013-1620)
Buffer overflow in parsing the cipher list (CVE-2013-5605) Incomplete rejection of invalid certificates (CVE-2013-5606) Denial of service in certificate parsing (CVE-2013-1741)
Information disclosure in SSL handshake (CVE-2013-1740)
Incorrect wildcard parsing in internationalised domain names (CVE-2014-1492)
(In reply to Moritz Muehlenhoff from comment #0) > +++ This bug was initially created as a clone of Bug #30634 +++ > > "Lucky 13" attack on TLS (CVE-2013-0169, CVE-2013-1620) This is only CVE-2013-1620, CVE-2013-0169 is for the general protocol and -1620 for the issue in NSS.
(In reply to Moritz Muehlenhoff from comment #2) > Information disclosure in SSL handshake (CVE-2013-1740) This is disabled in the NSS version in UCS 3.x, as such we won't update it.
CVE-2013-5605 was fixed with the update to Squeeze 6.0.9 (Bug 34588). As such only these issues remain open: "Lucky 13" attack on TLS (CVE-2013-1620) Buffer overflow in parsing the cipher list (CVE-2013-5605) Denial of service in certificate parsing (CVE-2013-1741) Incorrect wildcard parsing in internationalised domain names (CVE-2014-1492)
Race condition in libssl (CVE-2014-1490) Insecure DH key exchange (CVE-2014-1491)
Use-after-free in certificate handling (CVE-2014-1544)
Incorrect parsing of ASN.1 data can result in signature forgery (CVE-2014-1568)
ASN.1 DER decoding of lengths is too permissive (CVE-2014-1569)
Fixed in upstream Debian package version 3.12.8-1+squeeze11: Denial of service in certificate parsing (CVE-2013-1741) Buffer overflow in parsing the cipher list (CVE-2013-5605) Incomplete rejection of invalid certificates (CVE-2013-5606) Insecure DH key exchange (CVE-2014-1491) Incorrect wildcard parsing in internationalised domain names (CVE-2014-1492) Use-after-free in certificate handling (CVE-2014-1544) Incorrect parsing of ASN.1 data can result in signature forgery (CVE-2014-1568) ASN.1 DER decoding of lengths is too permissive (CVE-2014-1569) Classified as "Minor issue" in Debian: CVE-2013-0169 CVE-2013-1620 CVE-2013-1740 (false start disabled by default, needs to be enabled by clients) Ignored by Debian: CVE-2014-1490 (Too complex to backport)
Already fixed in 3.12.8-1+squeeze7: CVE-2013-5605 Advisory: 2015-08-18-nss.yaml
Tests: OK Advisory: OK
<http://errata.univention.de/ucs/3.2/361.html>