Security Bulletin: Vulnerability in Network Security (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2016-1978)

Summary A vulnerability in Network Security NSS affects the IBM SAN Volume Controller and Storwize Family. Though the CVE descriptions below document the vulnerabilities in the context of Mozilla Firefox, the vulnerability is resolved in the IBM SAN Volume Controller and Storwize Family products ...

K37540306: Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978

Security Advisory Description Use-after-free vulnerability in the ssl3HandleECDHServerKeyExchange function in Mozilla Network Security Services NSS before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact b...

Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978)

Summary There is a vulnerability in open source Network Security Services NSS to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to execute arbitrary code on the vulnerable system or cause a denial of service...

SUSE: Security Advisory (SUSE-SU-2016:0777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0820-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Nss,Nss-util and Nspr vulnerabilities affect IBM SmartCloud Entry (CVE-2016-1978, CVE-2016-1979 )

Summary IBM SmartCloud Entry is vulnerable to multiple vulnerabilities in nss, nss-util and nspr. Attackers could exloit them using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. Vulnerability Details CVEID: CVE-2016-1978 DESCRIPTION: Mozil...

Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in nss, nss-util, and nspr (CVE-2016-1978, CVE-2016-1979)

Summary Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services NSS libraries. Netscape Portable Runtime NSPR...

Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in nss, nss-util, and nspr (CVE-2016-1978, CVE-2016-1979)

Summary Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services NSS libraries. Netscape Portable Runtime NSPR...

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager

Summary Multiple security vulnerabilities were found and fixed in the IBM Security Privileged Identity Manager Vulnerability Details CVEID: CVE-2016-1978 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in...

EulerOS 2.0 SP1 : nss, nspr, nss-softokn, nss-util (EulerOS-SA-2016-1017)

According to the versions of the nss, nspr, nss-softokn, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way NSS handled DHE Diffie-Hellman key exchange and ECDHE Elliptic Curve...

SOL37540306 - Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

[SECURITY] [DSA 3688-1] nss security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3688-1 [email protected] https://www.debian.org/security/ Florian Weimer October 05, 2016 https://www.debian.org/security/faq -...

Ubuntu 14.04 LTS / 16.04 LTS : Thunderbird vulnerabilities (USN-2973-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2973-1 advisory. Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to openin...

Debian DLA-480-1 : nss security update

This security update fixes serious security issues in NSS including arbitrary code execution and remote denial service attacks. For Debian 7 'wheezy', these problems have been fixed in 3.14.5-1+deb7u6. We recommend you upgrade your nss packages as soon as possible. CVE-2015-7181 The...

[SECURITY] [DLA 480-1] nss security update

Package : nss Version : 3.14.5-1+deb7u6 CVE ID : CVE-2015-7181 CVE-2015-7182 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 This security update fixes serious security issues in NSS including arbitrary code execution and remote denial service attacks. For Debian 7 "wheezy", these problem...

Medium: nspr, nss-util, nss, nss-softokn

Issue Overview: A use-after-free flaw was found in the way NSS handled DHE DiffieHellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS,...

DLA-480-1 nss - security update

Bulletin has no description...

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20160425)

The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fixes : - A use-after-free flaw was found in the way NSS handled DHE Diffie- Hellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker cou...

CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2016:0685)

An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

RHEL 5 : nss and nspr (RHSA-2016:0684)

An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...