nss-util-3.14.3-3.AXS4, nss-softokn-3.14.3-3.AXS4, nspr-4.9.5-2.AXS4, nss-3.14.3-4.0.1.AXS4
エラータID: AXSA:2013-618:04
リリース日:
2013/09/18 Wednesday - 14:33
題名:
nss-util-3.14.3-3.AXS4, nss-softokn-3.14.3-3.AXS4, nspr-4.9.5-2.AXS4, nss-3.14.3-4.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for ppc
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- NSS の CERT_DecodeCertPackage 関数には,巧妙に細工された証明書によって,リモートの攻撃者がサービス拒否 (メモリ境界外からの読み込みとメモリ破壊) を引き起こす脆弱性があります。 (CVE-2013-0791)
- NSS の TLS 実装は不正な CBC パディングの処理中に MAC チェック処理の際にタイミングサイドチャネル攻撃を適切に考慮しておらず,巧妙に細工されたパケットのタイミングデータの統計的分析によって,リモートの攻撃者が特徴識別攻撃と平文回復攻撃を行う脆弱性があります。
なおこの脆弱性は CVE-2013-0169 と関係する脆弱性です。(CVE-2013-1620)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-0791
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
CVE-2013-1620
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
追加情報:
N/A
ダウンロード:
SRPMS
- nspr-4.9.5-2.AXS4.src.rpm
MD5: bae9014c3e2f9e8db0a1e888a7f6ef60
SHA-256: 71c8c41546ff1622549306ad86e80e3671081b06f8a4fa6323eaed453605ac39
Size: 866.96 kB - nss-softokn-3.14.3-3.AXS4.src.rpm
MD5: 1a65b061b6314dbca0637736664153a4
SHA-256: ad3659a986ff1ceae0f6ff143c501f0905d239c2c0f8d9cb88cb5cfbc6e48957
Size: 1.26 MB - nss-util-3.14.3-3.AXS4.src.rpm
MD5: 234485996e7dd0e21f1ca788c39e526a
SHA-256: 889d4a1bb49604a28f228517137420483b89b4e52014230e893d5a9d8dd97943
Size: 338.06 kB - nss-3.14.3-4.0.1.AXS4.src.rpm
MD5: 0cc2eea4ebe5689f8090d62c87236c77
SHA-256: 3e8fb896d316a06ad70b0c1fe06fd803537f22af69eb41d257eb3a5d9fe8d1be
Size: 4.54 MB
Asianux Server 4 for x86
- nspr-4.9.5-2.AXS4.i686.rpm
MD5: cf7ebbaa6dd90279111df6469725dbfb
SHA-256: a809a3054dd15add30ad6e13e3bc5e00f3954859d40f67b51c34f6377b6e207d
Size: 114.03 kB - nspr-devel-4.9.5-2.AXS4.i686.rpm
MD5: f973701527c4a115b9c96e832d23299d
SHA-256: 8df36ceabf64412fc23ddb23bbe3b9582df3cc41d0d57f0c7ea799e110062b94
Size: 108.63 kB - nss-softokn-3.14.3-3.AXS4.i686.rpm
MD5: 64df35aa5fbc43c6ac8c211c4e91d063
SHA-256: aeea313e4bc2ac39ccee36d7a2ea63a06b343cade61d072c0dc60314e9e200e0
Size: 258.98 kB - nss-softokn-devel-3.14.3-3.AXS4.i686.rpm
MD5: 90c020bb47c2be5e2bd1a42d6e31db28
SHA-256: 68de585ed92d34c3c12265ca0684322634c5c375bfe0615dbb4e9b7fab7d97a7
Size: 10.23 kB - nss-softokn-freebl-3.14.3-3.AXS4.i686.rpm
MD5: 200376c91835c233b9466b39136d33d1
SHA-256: 18e6cae4cff8f753ce1730383256ee33cd06207e72b4814b13525ce57b18bb83
Size: 128.14 kB - nss-softokn-freebl-devel-3.14.3-3.AXS4.i686.rpm
MD5: 61cee7f7642edfb236c85926d32e8e92
SHA-256: 4199cb4d9372d6672ea09931f8545226b38d9243049f7982c7fb30002073902a
Size: 26.91 kB - nss-util-3.14.3-3.AXS4.i686.rpm
MD5: 4d8d673f7a5d0bd18e0d92b4a8dfb2c0
SHA-256: 636101abf86f90cd3314fd6ca8877caf5f9bc3e479c85ea3a398949a68903024
Size: 61.40 kB - nss-util-devel-3.14.3-3.AXS4.i686.rpm
MD5: 320bf6f7c809ec564836e3862ee0c828
SHA-256: 0e0498ce68bf4423d3be5700a8c189c099d7cf101b7f3024ad8214dbfbbd2e19
Size: 64.14 kB - nss-3.14.3-4.0.1.AXS4.i686.rpm
MD5: a851b1839327a3d86a1514f106cc5bfc
SHA-256: efacfbe154947b74213920eddcec4cfedaebdf247690d37697bd356c8bae6907
Size: 799.62 kB - nss-devel-3.14.3-4.0.1.AXS4.i686.rpm
MD5: 387f897c432c88ca7e7ac080d9ab9121
SHA-256: b9422cc4902875a6c41ac3ece8b4e2b98b2fa468d50a6de046c698d37edbfc7f
Size: 184.01 kB - nss-sysinit-3.14.3-4.0.1.AXS4.i686.rpm
MD5: df8f983690ed42ff51047f2fa1fc26ea
SHA-256: f3c274dc1f0d14c8271ab9a1ecb006c5188d9eb9e237c7bcbba40849a0fe2786
Size: 34.16 kB - nss-tools-3.14.3-4.0.1.AXS4.i686.rpm
MD5: d94f6befe2592cf0091b913bf727cd70
SHA-256: 9016bd43fc11f0136a63148a7dc2a565dd9c1b7b549670bf969c9d5d6f624e8b
Size: 347.13 kB
Asianux Server 4 for x86_64
- nspr-4.9.5-2.AXS4.x86_64.rpm
MD5: 85600a865ebdbd9fe40caa9aa41cc781
SHA-256: 22040eaa7fb2f93a4a6905e529cf503c85643dfaf5a5737eab3eba437b05bd11
Size: 111.05 kB - nspr-devel-4.9.5-2.AXS4.x86_64.rpm
MD5: a66f496538dce06d0694a73fda5fd502
SHA-256: da6627dae71b48ec3d03e56c2b4eca98d6edc759125a22f30f9451b653f37b97
Size: 108.22 kB - nspr-4.9.5-2.AXS4.i686.rpm
MD5: cf7ebbaa6dd90279111df6469725dbfb
SHA-256: a809a3054dd15add30ad6e13e3bc5e00f3954859d40f67b51c34f6377b6e207d
Size: 114.03 kB - nspr-devel-4.9.5-2.AXS4.i686.rpm
MD5: f973701527c4a115b9c96e832d23299d
SHA-256: 8df36ceabf64412fc23ddb23bbe3b9582df3cc41d0d57f0c7ea799e110062b94
Size: 108.63 kB - nss-softokn-3.14.3-3.AXS4.x86_64.rpm
MD5: ade93117c3e72aa93cb5d3d5da58f45a
SHA-256: ab31e35842c14dd9823c69dcaac65c11628c704bff36ba0fd6dbeab86a3a6bf2
Size: 248.95 kB - nss-softokn-devel-3.14.3-3.AXS4.x86_64.rpm
MD5: 89ae5d51b472c4f805f713ceda518f7f
SHA-256: 642eb6c96310ccadd3da8d0e271dddbdc391a1bf14b91211cf1385d496324307
Size: 9.79 kB - nss-softokn-freebl-3.14.3-3.AXS4.x86_64.rpm
MD5: 1d2758ac731a2d991eee2ea01f99ab6f
SHA-256: c728ace77323566c2b75c16e41bc2c9667d84da6afd4bd6f841f7ea3298afd85
Size: 137.96 kB - nss-softokn-freebl-devel-3.14.3-3.AXS4.x86_64.rpm
MD5: e989ccc95868deb5483cfa92d25946fd
SHA-256: 095cf53224ad711a18417008b2c0c338a5f7a2d2d08159ddc2be6474a8d9ffc6
Size: 26.38 kB - nss-softokn-3.14.3-3.AXS4.i686.rpm
MD5: 64df35aa5fbc43c6ac8c211c4e91d063
SHA-256: aeea313e4bc2ac39ccee36d7a2ea63a06b343cade61d072c0dc60314e9e200e0
Size: 258.98 kB - nss-softokn-devel-3.14.3-3.AXS4.i686.rpm
MD5: 90c020bb47c2be5e2bd1a42d6e31db28
SHA-256: 68de585ed92d34c3c12265ca0684322634c5c375bfe0615dbb4e9b7fab7d97a7
Size: 10.23 kB - nss-softokn-freebl-3.14.3-3.AXS4.i686.rpm
MD5: 200376c91835c233b9466b39136d33d1
SHA-256: 18e6cae4cff8f753ce1730383256ee33cd06207e72b4814b13525ce57b18bb83
Size: 128.14 kB - nss-softokn-freebl-devel-3.14.3-3.AXS4.i686.rpm
MD5: 61cee7f7642edfb236c85926d32e8e92
SHA-256: 4199cb4d9372d6672ea09931f8545226b38d9243049f7982c7fb30002073902a
Size: 26.91 kB - nss-util-3.14.3-3.AXS4.x86_64.rpm
MD5: 973c4fc127d5b3af08f89b8a5bb145ac
SHA-256: 5ea3be7ee90a7cdcd7436f7bfc6bfc2096d5caf938e1b089fe2d74a6247d4b22
Size: 61.67 kB - nss-util-devel-3.14.3-3.AXS4.x86_64.rpm
MD5: b271fdfb226715e413449b5d443cb211
SHA-256: e371333ef3dc5e5ad6e9ffdadacaea987b522bf37a1e236624bcd198cc7c28de
Size: 63.70 kB - nss-util-3.14.3-3.AXS4.i686.rpm
MD5: 4d8d673f7a5d0bd18e0d92b4a8dfb2c0
SHA-256: 636101abf86f90cd3314fd6ca8877caf5f9bc3e479c85ea3a398949a68903024
Size: 61.40 kB - nss-util-devel-3.14.3-3.AXS4.i686.rpm
MD5: 320bf6f7c809ec564836e3862ee0c828
SHA-256: 0e0498ce68bf4423d3be5700a8c189c099d7cf101b7f3024ad8214dbfbbd2e19
Size: 64.14 kB - nss-3.14.3-4.0.1.AXS4.x86_64.rpm
MD5: 19f9851384dc095ade2dd3d90050a4b5
SHA-256: b824c54176fdec36ee1b8dff4c516d78b9ca50c65d7c333a7f18ccde34107814
Size: 812.69 kB - nss-devel-3.14.3-4.0.1.AXS4.x86_64.rpm
MD5: 01733f11eb0c80e26122725c07825a47
SHA-256: e96987e9ecffa73d4e6b12ec2ef69624b81aa0a14a84c6b4ce987ebed7b150da
Size: 182.17 kB - nss-sysinit-3.14.3-4.0.1.AXS4.x86_64.rpm
MD5: f6f2188ce6274e1044b7f248284c17c5
SHA-256: aec52f0bb4daa6f049074f9c2b21ed058f159d261aa9cd499a9a03af03557aca
Size: 33.77 kB - nss-tools-3.14.3-4.0.1.AXS4.x86_64.rpm
MD5: eed0d0a1fbbabd151e24cbde3a365d56
SHA-256: ce22bc9b354e19041a5236de42d946dcd9c101730e4323d80fd32ed7d99bf97a
Size: 339.39 kB - nss-3.14.3-4.0.1.AXS4.i686.rpm
MD5: a851b1839327a3d86a1514f106cc5bfc
SHA-256: efacfbe154947b74213920eddcec4cfedaebdf247690d37697bd356c8bae6907
Size: 799.62 kB - nss-devel-3.14.3-4.0.1.AXS4.i686.rpm
MD5: 387f897c432c88ca7e7ac080d9ab9121
SHA-256: b9422cc4902875a6c41ac3ece8b4e2b98b2fa468d50a6de046c698d37edbfc7f
Size: 184.01 kB