(RHSA-2015:1185) Moderate: nss security update

2015-06-25T04:00:00
ID RHSA-2015:1185
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:35

Description

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.

A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.

The nss and nss-util packages have been upgraded to upstream versions 3.19.1. The upgraded versions provide a number of bug fixes and enhancements over the previous versions.

Users of nss and nss-util are advised to upgrade to these updated packages, which fix these security flaws, bugs, and add these enhancements.