Lucene search
DebianDEBIAN:DLA-154-1:C91BDHistoryFeb 16, 2015 - 3:44 p.m.
[SECURITY] [DLA 154-1] nss security update
2015-02-1615:44:22
lists.debian.org
9
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
91.8%
Package : nss
Version : 3.12.8-1+squeeze11
CVE ID : CVE-2011-3389 CVE-2014-1569
Debian Bug : 773625
nss 3.12.8-1+squeeze11 fixes two security issues:
CVE-2011-3389
SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen
plaintext attacks which allowed man-in-the middle attackers to obtain
plaintext HTTP headers on an HTTPS session. This issue is known as
the "BEAST" attack.
CVE-2014-1569
Possible information leak with too-permissive ASN.1 DER decoding of
length.
–
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | armel | libnss3 | < 2:3.14.5-1+deb7u4 | libnss3_2:3.14.5-1+deb7u4_armel.deb |
| Debian | 6 | all | nss | < 3.12.8-1+squeeze11 | nss_3.12.8-1+squeeze11_all.deb |
| Debian | 7 | sparc | libnss3 | < 2:3.14.5-1+deb7u4 | libnss3_2:3.14.5-1+deb7u4_sparc.deb |
| Debian | 7 | powerpc | libnss3-dbg | < 2:3.14.5-1+deb7u4 | libnss3-dbg_2:3.14.5-1+deb7u4_powerpc.deb |
| Debian | 7 | mipsel | libnss3 | < 2:3.14.5-1+deb7u4 | libnss3_2:3.14.5-1+deb7u4_mipsel.deb |
| Debian | 6 | i386 | libnss3-tools | < 3.12.8-1+squeeze11 | libnss3-tools_3.12.8-1+squeeze11_i386.deb |
| Debian | 6 | i386 | libnss3-1d-dbg | < 3.12.8-1+squeeze11 | libnss3-1d-dbg_3.12.8-1+squeeze11_i386.deb |
| Debian | 7 | s390 | libnss3-dev | < 2:3.14.5-1+deb7u4 | libnss3-dev_2:3.14.5-1+deb7u4_s390.deb |
| Debian | 7 | ia64 | libnss3-dbg | < 2:3.14.5-1+deb7u4 | libnss3-dbg_2:3.14.5-1+deb7u4_ia64.deb |
| Debian | 7 | amd64 | libnss3-1d | < 2:3.14.5-1+deb7u4 | libnss3-1d_2:3.14.5-1+deb7u4_amd64.deb |
Related
nessus
nessus
Debian DLA-154-1 : nss security update (BEAST)
2015-03-26 00:00:00
Oracle iPlanet Web Server 6.1.x < 6.1.21 / 7.0.x < 7.0.22 NSS Signature Handling Remote Code Injection
2015-07-23 00:00:00
Ubuntu 14.04 LTS : NSS vulnerability (USN-2452-1)
2015-01-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-154-1)
2023-03-08 00:00:00
Fedora Update for thunderbird FEDORA-2011-17399
2012-01-23 00:00:00
Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
2012-01-11 00:00:00
osv
osv
nss - security update
2015-02-16 00:00:00
nss - security update
2015-03-13 00:00:00
curl - several
2012-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: nss-3.17.3-2.fc21
2014-12-25 05:35:12
[SECURITY] Fedora 16 Update: nss-softokn-3.13.1-14.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 16 Update: xulrunner-9.0-2.fc16
2011-12-23 03:31:27
exploitpack
exploitpack
MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
2019-02-20 00:00:00
zdt
zdt
veracode
veracode
HTTP Request Smuggling
2019-01-15 09:03:35
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
cve
cve
exploitdb
exploitdb
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
2019-02-20 00:00:00
prion
prion
Session fixation
2011-09-06 19:55:00
Design/Logic Flaw
2014-12-15 18:59:00
debiancve
debiancve
CVE-2011-3389
2011-09-06 19:55:00
CVE-2014-1569
2014-12-15 18:59:00
mskb
mskb
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
ibm
ibm
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2014-05-05 00:00:00
ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2012-10-29 00:00:00
lighthttpd security vulnerabilities
2012-01-02 00:00:00
ubuntu
ubuntu
NSS vulnerability
2015-01-07 00:00:00
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apple XCode 4.x 信息泄露漏洞
2012-07-27 00:00:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
debian
debian
[SECURITY] [DSA 3186-1] nss security update
2015-03-13 08:15:52
[SECURITY] [DSA 3186-1] nss security update
2015-03-13 08:15:52
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
ubuntucve
ubuntucve
CVE-2014-1569
2014-12-15 00:00:00
CVE-2011-3389
2011-11-16 00:00:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
asterisk -- Multiple vulnerabilities
2016-02-03 00:00:00
rubygems
rubygems
f5
f5
rapid7blog
rapid7blog
archlinux
archlinux
nss: signature forgery
2014-12-16 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
91.8%
Related for DEBIAN:DLA-154-1:C91BD