Lucene search
DebianDEBIAN:DLA-315-1:C6985HistorySep 27, 2015 - 11:36 a.m.
[SECURITY] [DLA 315-1] nss security update
2015-09-2711:36:03
lists.debian.org
8
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.2%
Package : nss
Version : 3.12.8-1+squeeze12
CVE ID : CVE-2015-2721 CVE-2015-2730
Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2015-2721
Karthikeyan Bhargavan discovered that NSS incorrectly handles state
transitions for the TLS state machine. A man-in-the-middle attacker
could exploit this flaw to skip the ServerKeyExchange message and
remove the forward-secrecy property.
CVE-2015-2730
Watson Ladd discovered that NSS does not properly perform Elliptical
Curve Cryptography (ECC) multiplication, allowing a remote attacker
to potentially spoof ECDSA signatures.
For the oldoldstable distribution (squeeze), these problems have been fixed
in version 3.12.8-1+squeeze12.
We recommend that you upgrade your nss packages.
Attachment:
signature.asc
Description: Digital signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | i386 | libnss3-dev | < 3.12.8-1+squeeze12 | libnss3-dev_3.12.8-1+squeeze12_i386.deb |
| Debian | 8 | arm64 | libnss3 | < 2:3.17.2-1.1+deb8u1 | libnss3_2:3.17.2-1.1+deb8u1_arm64.deb |
| Debian | 8 | mips | libnss3-tools | < 2:3.17.2-1.1+deb8u1 | libnss3-tools_2:3.17.2-1.1+deb8u1_mips.deb |
| Debian | 8 | arm64 | libnss3-dbg | < 2:3.17.2-1.1+deb8u1 | libnss3-dbg_2:3.17.2-1.1+deb8u1_arm64.deb |
| Debian | 8 | mips | libnss3 | < 2:3.17.2-1.1+deb8u1 | libnss3_2:3.17.2-1.1+deb8u1_mips.deb |
| Debian | 8 | ppc64el | libnss3 | < 2:3.17.2-1.1+deb8u1 | libnss3_2:3.17.2-1.1+deb8u1_ppc64el.deb |
| Debian | 8 | armel | libnss3 | < 2:3.17.2-1.1+deb8u1 | libnss3_2:3.17.2-1.1+deb8u1_armel.deb |
| Debian | 8 | ppc64el | libnss3-dbg | < 2:3.17.2-1.1+deb8u1 | libnss3-dbg_2:3.17.2-1.1+deb8u1_ppc64el.deb |
| Debian | 7 | powerpc | libnss3-1d | < 2:3.14.5-1+deb7u5 | libnss3-1d_2:3.14.5-1+deb7u5_powerpc.deb |
| Debian | 8 | armhf | libnss3-dbg | < 2:3.17.2-1.1+deb8u1 | libnss3-dbg_2:3.17.2-1.1+deb8u1_armhf.deb |
Related
nessus
nessus
Oracle Linux 5 : nss (ELSA-2015-1664)
2015-08-25 00:00:00
RHEL 5 : nss (RHSA-2015:1664)
2015-08-25 00:00:00
Debian DLA-315-1 : nss security update
2015-09-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3336-1)
2015-08-16 00:00:00
Debian: Security Advisory (DLA-315-1)
2023-03-08 00:00:00
CentOS Update for nss CESA-2015:1664 centos5
2015-08-26 00:00:00
centos
centos
nss security update
2015-08-24 18:12:13
nss security update
2015-09-01 15:35:07
nss security update
2015-06-25 10:23:56
ubuntu
ubuntu
NSS vulnerabilities
2015-07-09 00:00:00
Firefox vulnerabilities
2015-07-09 00:00:00
Firefox vulnerabilities
2015-07-15 00:00:00
redhat
redhat
(RHSA-2015:1664) Moderate: nss security, bug fix, and enhancement update
2015-08-24 00:00:00
(RHSA-2015:1699) Moderate: nss-softokn security update
2015-09-01 00:00:00
(RHSA-2015:1185) Moderate: nss security update
2015-06-25 00:00:00
oraclelinux
oraclelinux
nss security, bug fix, and enhancement update
2015-08-24 00:00:00
nss-softokn security update
2015-09-01 00:00:00
osv
osv
nss - security update
2015-09-27 00:00:00
nss - security update
2015-08-17 00:00:00
iceweasel - security update
2015-07-04 00:00:00
debian
debian
[SECURITY] [DSA 3336-1] nss security update
2015-08-17 19:13:08
[SECURITY] [DSA 3336-1] nss security update
2015-08-17 19:13:08
[SECURITY] [DSA 3324-1] icedove security update
2015-08-01 17:09:46
prion
prion
Code injection
2015-07-06 02:01:00
Design/Logic Flaw
2015-07-06 02:00:00
ibm
ibm
mozilla
mozilla
NSS incorrectly permits skipping of ServerKeyExchange — Mozilla
2015-07-02 00:00:00
veracode
veracode
Man-in-the-middle Attack
2019-01-15 09:06:20
Spoofable ECDSA Signatures
2019-01-15 09:07:31
f5
f5
SOL15955144 - Mozilla NSS vulnerability CVE-2015-2730
2016-02-03 00:00:00
K15955144 : Mozilla NSS vulnerability CVE-2015-2730
2016-02-03 00:00:00
debiancve
debiancve
CVE-2015-2730
2015-07-06 02:01:00
CVE-2015-2721
2015-07-06 02:00:00
ubuntucve
ubuntucve
CVE-2015-2730
2015-07-05 00:00:00
CVE-2015-2721
2015-07-05 00:00:00
amazon
amazon
Medium: nss-softokn
2015-09-22 10:00:00
cve
cve
CVE-2015-2730
2015-07-06 02:01:00
CVE-2015-2721
2015-07-06 02:00:00
mageia
mageia
Updated firefox package fixes security vulnerability
2015-07-05 20:22:03
suse
suse
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 12:09:44
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 12:08:39
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 11:08:17
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-01-19 00:00:00
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-07-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-07-13 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.2%
Related for DEBIAN:DLA-315-1:C6985