Lucene search
AmazonALAS-2014-424HistoryOct 01, 2014 - 4:32 p.m.
Important: nss
2014-10-0116:32:00
alas.aws.amazon.com
13
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.044 Low
EPSS
Percentile
92.3%
Issue Overview:
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
Affected Packages:
nss
Issue Correction:
Run yum update nss to update your system.
New Packages:
i686:
nss-pkcs11-devel-3.16.2-7.49.amzn1.i686
nss-debuginfo-3.16.2-7.49.amzn1.i686
nss-devel-3.16.2-7.49.amzn1.i686
nss-sysinit-3.16.2-7.49.amzn1.i686
nss-tools-3.16.2-7.49.amzn1.i686
nss-3.16.2-7.49.amzn1.i686
src:
nss-3.16.2-7.49.amzn1.src
x86_64:
nss-3.16.2-7.49.amzn1.x86_64
nss-sysinit-3.16.2-7.49.amzn1.x86_64
nss-tools-3.16.2-7.49.amzn1.x86_64
nss-debuginfo-3.16.2-7.49.amzn1.x86_64
nss-devel-3.16.2-7.49.amzn1.x86_64
nss-pkcs11-devel-3.16.2-7.49.amzn1.x86_64
Additional References
Red Hat: CVE-2014-1568
Mitre: CVE-2014-1568
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | nss-pkcs11-devel | < 3.16.2-7.49.amzn1 | nss-pkcs11-devel-3.16.2-7.49.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | nss-debuginfo | < 3.16.2-7.49.amzn1 | nss-debuginfo-3.16.2-7.49.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | nss-devel | < 3.16.2-7.49.amzn1 | nss-devel-3.16.2-7.49.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | nss-sysinit | < 3.16.2-7.49.amzn1 | nss-sysinit-3.16.2-7.49.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | nss-tools | < 3.16.2-7.49.amzn1 | nss-tools-3.16.2-7.49.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | nss | < 3.16.2-7.49.amzn1 | nss-3.16.2-7.49.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | nss | < 3.16.2-7.49.amzn1 | nss-3.16.2-7.49.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | nss-sysinit | < 3.16.2-7.49.amzn1 | nss-sysinit-3.16.2-7.49.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | nss-tools | < 3.16.2-7.49.amzn1 | nss-tools-3.16.2-7.49.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | nss-debuginfo | < 3.16.2-7.49.amzn1 | nss-debuginfo-3.16.2-7.49.amzn1.x86_64.rpm |
Related
nessus
nessus
Oracle Linux 5 / 6 / 7 : nss (ELSA-2014-1307)
2014-09-29 00:00:00
Mandriva Linux Security Advisory : nss (MDVSA-2014:189)
2014-09-26 00:00:00
Debian DSA-3034-1 : iceweasel - security update
2014-09-26 00:00:00
suse
suse
NSS update to avoid signature forgery (critical)
2014-09-28 12:04:18
Security update for mozilla-nss (important)
2014-10-01 17:04:53
Security update for mozilla-nss (important)
2014-09-27 00:04:18
prion
prion
Design/Logic Flaw
2014-09-25 17:55:00
Code injection
2018-11-07 20:29:00
Design/Logic Flaw
2018-09-26 21:29:00
osv
osv
nss - security update
2014-09-25 00:00:00
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
mozilla
mozilla
RSA Signature Forgery in NSS — Mozilla
2014-09-24 00:00:00
cert
cert
debian
debian
[SECURITY] [DSA 3033-1] nss security update
2014-09-25 00:23:40
[SECURITY] [DSA 3037-1] icedove security update
2014-09-26 19:31:43
[SECURITY] [DSA 3034-1] iceweasel security update
2014-09-25 06:25:14
openvas
openvas
Mozilla Firefox ESR RSA Spoof Vulnerability (Sep 2014) - Windows
2014-09-29 00:00:00
CentOS Update for nss CESA-2014:1307 centos7
2014-10-01 00:00:00
Seamonkey RSA Spoof Vulnerability (Sep 2014) - Mac OS X
2014-09-30 00:00:00
centos
centos
nss security update
2014-09-26 11:29:24
fedora
fedora
[SECURITY] Fedora 21 Update: nss-3.17.1-1.fc21
2014-09-29 04:00:07
[SECURITY] Fedora 21 Update: nss-softokn-3.17.1-2.fc21
2014-09-29 04:00:06
[SECURITY] Fedora 21 Update: nss-util-3.17.1-1.fc21
2014-09-29 04:00:07
redhat
redhat
(RHSA-2014:1307) Important: nss security update
2014-09-26 00:00:00
(RHSA-2014:1371) Important: nss security update
2014-10-10 00:00:00
(RHSA-2014:1354) Critical: rhev-hypervisor6 security update
2014-10-02 00:00:00
archlinux
archlinux
NSS: Signature forgery attack
2014-09-24 00:00:00
veracode
veracode
Spoofable RSA Signatures
2019-01-15 09:01:59
mageia
mageia
Updated nss packages fix CVE-2014-1568
2014-09-26 19:55:04
ubuntu
ubuntu
Thunderbird vulnerabilities
2014-09-24 00:00:00
Firefox vulnerabilities
2014-09-24 00:00:00
NSS vulnerability
2014-09-24 00:00:00
cve
cve
checkpoint_advisories
checkpoint_advisories
Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)
2014-10-19 00:00:00
freebsd
freebsd
NSS -- RSA Signature Forgery
2014-09-23 00:00:00
chromium -- RSA signature malleability in NSS
2014-09-24 00:00:00
debiancve
debiancve
amazon
amazon
Important: nss-softokn
2014-10-01 16:32:00
Important: nss-util
2014-10-01 16:32:00
ubuntucve
ubuntucve
CVE-2014-1568
2014-09-24 00:00:00
CVE-2018-16152
2018-09-24 00:00:00
oraclelinux
oraclelinux
nss security update
2014-09-26 00:00:00
nss, nss-util, and nss-softokn security, bug fix, and enhancement update
2014-12-02 00:00:00
chrome
chrome
Stable Channel Update
2014-09-24 00:00:00
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:00
ibm
ibm
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-04-17 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-01-25 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.044 Low
EPSS
Percentile
92.3%
Related for ALAS-2014-424