Updated nss packages fix security vulnerability: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates (CVE-2014-1568).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchnss< 3.17.1-1nss-3.17.1-1.mga3
Mageia4noarchnss< 3.17.1-1.1nss-3.17.1-1.1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	nss	< 3.17.1-1	nss-3.17.1-1.mga3
Mageia	4	noarch	nss	< 3.17.1-1.1	nss-3.17.1-1.1.mga4

References

bugs.mageia.org/show_bug.cgi?id=14168

www.mozilla.org/security/announce/2014/mfsa2014-73.html

fedora 9

nessus 49

redhat 3

openvas 49

archlinux 1

veracode 1

suse 6

ubuntu 3

amazon 3

prion 3

osv 3

debian 4

mozilla 1

centos 1

cert 1

cve 3

freebsd 2

oraclelinux 2

chrome 1

checkpoint_advisories 1

debiancve 3

ubuntucve 2

redhatcve 1

alpinelinux 1

ibm 4

securityvulns 3

oracle 3

gentoo 1

fedora

[SECURITY] Fedora 21 Update: nss-3.17.1-1.fc21

2014-09-29 04:00:07

[SECURITY] Fedora 21 Update: nss-util-3.17.1-1.fc21

2014-09-29 04:00:07

[SECURITY] Fedora 21 Update: nss-softokn-3.17.1-2.fc21

2014-09-29 04:00:06

nessus

Scientific Linux Security Update : nss on SL5.x, SL6.x i386/x86_64 (20140926)

2014-09-29 00:00:00

Mozilla Thunderbird < 31.1.2 NSS Signature Verification Vulnerability

2014-09-26 00:00:00

Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability

2014-09-26 00:00:00

redhat

(RHSA-2014:1307) Important: nss security update

2014-09-26 00:00:00

(RHSA-2014:1371) Important: nss security update

2014-10-10 00:00:00

(RHSA-2014:1354) Critical: rhev-hypervisor6 security update

2014-10-02 00:00:00

openvas

Debian Security Advisory DSA 3034-1 (iceweasel - security update)

2014-10-01 00:00:00

Mozilla Thunderbird RSA Spoof Vulnerability (Sep 2014) - Mac OS X

2014-09-30 00:00:00

Ubuntu: Security Advisory (USN-2360-2)

2014-09-25 00:00:00

archlinux

NSS: Signature forgery attack

2014-09-24 00:00:00

veracode

Spoofable RSA Signatures

2019-01-15 09:01:59

suse

Security update for mozilla-nss (important)

2014-09-27 00:04:18

NSS update to avoid signature forgery (critical)

2014-09-28 12:04:18

Security update for mozilla-nss (important)

2014-10-01 17:04:53

ubuntu

Thunderbird vulnerabilities

2014-09-24 00:00:00

Firefox vulnerabilities

2014-09-24 00:00:00

NSS vulnerability

2014-09-24 00:00:00

amazon

Important: nss

2014-10-01 16:32:00

Important: nss-softokn

2014-10-01 16:32:00

Important: nss-util

2014-10-01 16:32:00

prion

Design/Logic Flaw

2014-09-25 17:55:00

Code injection

2018-11-07 20:29:00

Design/Logic Flaw

2018-09-26 21:29:00

osv

nss - security update

2014-09-25 00:00:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:01

debian

[SECURITY] [DSA 3033-1] nss security update

2014-09-25 00:23:40

[SECURITY] [DSA 3037-1] icedove security update

2014-09-26 19:31:43

[SECURITY] [DSA 3034-1] iceweasel security update

2014-09-25 06:25:14

mozilla

RSA Signature Forgery in NSS — Mozilla

2014-09-24 00:00:00

centos

nss security update

2014-09-26 11:29:24

cert

Mozilla Network Security Services (NSS) fails to properly verify RSA signatures

2014-09-24 00:00:00

cve

CVE-2014-1568

2014-09-25 17:55:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:00

freebsd

chromium -- RSA signature malleability in NSS

2014-09-24 00:00:00

NSS -- RSA Signature Forgery

2014-09-23 00:00:00

oraclelinux

nss security update

2014-09-26 00:00:00

nss, nss-util, and nss-softokn security, bug fix, and enhancement update

2014-12-02 00:00:00

chrome

Stable Channel Update

2014-09-24 00:00:00

checkpoint_advisories

Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)

2014-10-19 00:00:00

debiancve

CVE-2014-1568

2014-09-25 17:55:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:00

ubuntucve

CVE-2014-1568

2014-09-24 00:00:00

CVE-2018-16152

2018-09-24 00:00:00

redhatcve

CVE-2018-16152

2018-10-03 20:20:39

alpinelinux

CVE-2018-16152

2018-09-26 21:29:00

ibm

Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568).

2018-06-15 23:13:34

Security Bulletin: A security vulnerability has been identified in multiple products that ship with IBM Predictive Customer Intelligence (CVE-2014-3566)

2020-02-11 21:31:00

Security Bulletin: Tivoli Common Reporting iFixes for multiple Security Vulnerabilities (CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-011

2018-06-17 14:55:57

securityvulns

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-04-17 00:00:00

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-01-25 00:00:00

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-07-20 00:00:00

oracle

Oracle Critical Patch Update - April 2015

2015-04-14 00:00:00

Oracle Critical Patch Update Advisory - January 2015

2015-03-10 00:00:00

Oracle Critical Patch Update Advisory - July 2015

2015-07-14 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2015-04-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

Related for MGASA-2014-0391