Bug 39788 – nss: Multiple issues (3.2)

Bug 39788 - nss: Multiple issues (3.2)


Summary:	nss: Multiple issues (3.2)

Status:	CLOSED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 3.2
Hardware:	Other Linux

Importance:	P4 normal (vote)
Target Milestone:	---
Assigned To:	Security maintainers
QA Contact:

URL:
Keywords:

Depends on:	39787
Blocks:
	Show dependency tree / graph

Reported:	2015-11-04 21:30 CET by Arvid Requate
Modified:	2019-04-11 19:24 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-11-04 21:30:38 CET

+++ This bug was initially created as a clone of Bug #39787 +++

The following security issues have been identified in the Network Security Service (nss):

* ASan: use-after-poison in sec_asn1d_parse_leaf function (CVE-2015-7181)
* ASN.1 decoder heap overflow when decoding constructed OCTET STRING (CVE-2015-7182)

Comment 1 Arvid Requate

2015-11-04 21:45:06 CET

These are already fixed upstream in version 3.12.8-1+squeeze12:

* NSS incorrectly permits skipping of ServerKeyExchange (CVE-2015-2721)
* ECDSA signature validation fails to handle some signatures correctly
  (CVE-2015-2730)

(That hadn't been cloned from Bug 37045 yet).

Comment 2 Arvid Requate

2016-01-26 12:44:45 CET

* MD5 Downgrade in TLS 1.2 Signatures (CVE-2015-7575)

Comment 3 Arvid Requate

2016-02-22 13:06:48 CET

3.12.8-1+squeeze13 fixes CVE-2015-7181 CVE-2015-7182

And there is a new issue:

* The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function (CVE-2016-1938)

Comment 4 Arvid Requate

2016-02-24 19:16:36 CET

3.12.8-1+squeeze14 fixes CVE-2016-1938

Comment 5 Arvid Requate

2017-06-01 18:28:49 CEST

UCS 3.2 is out of maintenance.