Security Bulletin: Nss-util vulnerabilities affect IBM SmartCloud Entry( CVE-2016-1950 )

Summary

IBM SmartCloud Entry is vulnerable to a nss-tuil vulnerability, attackers could exploit it to cause the application to crash.

Vulnerability Details

CVEID: CVE-2016-1950**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when the Network Security Services (NSS) libraries parsed certain ASN.1 structures. By persuading a victim to open a specially crafted certificate, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM SmartCloud Entry 3.2 through Appliance fix pack 19
IBM SmartCloud Entry 3.1 through Appliance fix pack 19

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1 Appliance fix pack 20:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.1.0.4-IBM-SCE_APPL-FP20+&includeSupersedes=0
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2 Appliance fix pack 20:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.2.0.4-IBM-SCE_APPL-FP20+&includeSupersedes=0

Workarounds and Mitigations

None