7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.044 Low
EPSS
Percentile
92.3%
CentOS Errata and Security Advisory CESA-2014:1307
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)
input from certain RSA signatures. A remote attacker could use this flaw to
forge RSA certificates by providing a specially crafted signature to an
application using NSS. (CVE-2014-1568)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security
Incident Response Team as the original reporters.
All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, applications using NSS must be restarted for this update to
take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-September/082757.html
https://lists.centos.org/pipermail/centos-announce/2014-September/082760.html
https://lists.centos.org/pipermail/centos-announce/2014-September/082815.html
Affected packages:
nss
nss-devel
nss-pkcs11-devel
nss-softokn
nss-softokn-devel
nss-softokn-freebl
nss-softokn-freebl-devel
nss-sysinit
nss-tools
nss-util
nss-util-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1307
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | nss | < 3.16.2-7.el7_0 | nss-3.16.2-7.el7_0.i686.rpm |
CentOS | 7 | x86_64 | nss | < 3.16.2-7.el7_0 | nss-3.16.2-7.el7_0.x86_64.rpm |
CentOS | 7 | i686 | nss-devel | < 3.16.2-7.el7_0 | nss-devel-3.16.2-7.el7_0.i686.rpm |
CentOS | 7 | x86_64 | nss-devel | < 3.16.2-7.el7_0 | nss-devel-3.16.2-7.el7_0.x86_64.rpm |
CentOS | 7 | i686 | nss-pkcs11-devel | < 3.16.2-7.el7_0 | nss-pkcs11-devel-3.16.2-7.el7_0.i686.rpm |
CentOS | 7 | x86_64 | nss-pkcs11-devel | < 3.16.2-7.el7_0 | nss-pkcs11-devel-3.16.2-7.el7_0.x86_64.rpm |
CentOS | 7 | i686 | nss-softokn | < 3.16.2-2.el7_0 | nss-softokn-3.16.2-2.el7_0.i686.rpm |
CentOS | 7 | x86_64 | nss-softokn | < 3.16.2-2.el7_0 | nss-softokn-3.16.2-2.el7_0.x86_64.rpm |
CentOS | 7 | i686 | nss-softokn-devel | < 3.16.2-2.el7_0 | nss-softokn-devel-3.16.2-2.el7_0.i686.rpm |
CentOS | 7 | x86_64 | nss-softokn-devel | < 3.16.2-2.el7_0 | nss-softokn-devel-3.16.2-2.el7_0.x86_64.rpm |