89 matches found
Medium: nspr, nss-util, nss, nss-softokn
Issue Overview: A use-after-free flaw was found in the way NSS handled DHE DiffieHellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS,...
Oracle Linux 7 : nss, / nspr, / nss-softokn, / and / nss-util (ELSA-2016-0685)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0685 advisory. - Pick up upstream freebl patch for CVE-2015-2730 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...
CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2016:0685)
An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20160425)
The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fixes : - A use-after-free flaw was found in the way NSS handled DHE Diffie- Hellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker cou...
RHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)
An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
CentOS Update for nspr CESA-2016:0684 centos5
Check the version of nspr SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882474";...
RedHat Update for nss and nspr RHSA-2016:0684-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for nss CESA-2016:0591 centos6
Check the version of nss SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882449";...
CentOS Update for nspr CESA-2016:0591 centos6
Check the version of nspr SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882446";...
Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64 (20160405)
The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. Security Fixes : - A use-after-free flaw was found in the way NSS handled DHE Diffie- Hellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A...
RedHat Update for nss, nss-util, and nspr RHSA-2016:0591-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-1978
Use-after-free vulnerability in the ssl3HandleECDHServerKeyExchange function in Mozilla Network Security Services NSS before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL 1 DHE or 2 ECD...
CVE-2016-1978
Use-after-free vulnerability in the ssl3HandleECDHServerKeyExchange function in Mozilla Network Security Services NSS before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL 1 DHE or 2 ECD...
CVE-2016-1978
Use-after-free vulnerability in the ssl3HandleECDHServerKeyExchange function in Mozilla Network Security Services NSS before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL 1 DHE or 2 ECD...
Use-after-free in NSS during SSL connections in low memory — Mozilla
Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Hanno Böck reported that calculations with mpdiv and mpexptmod in Network Security Services NSS can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:1851-1) (Logjam)
The Apache2 webserver was updated to fix several issues : Security issues fixed : - The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to...
CentOS 5 : nss (CESA-2015:1664)
Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
nss security update
CentOS Errata and Security Advisory CESA-2015:1664 Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabilit...
Moderate: Red Hat Security Advisory: nss security, bug fix, and enhancement update
Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...