nss-3.16.1-4.AXS3
エラータID: AXSA:2014-578:04
リリース日:
2014/10/03 Friday - 19:20
題名:
nss-3.16.1-4.AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- nss は X.509 認証の ASN.1 値を適切にパースしておらず,巧妙に細工された証明書によって,リモートの攻撃者が RSA 署名になりすましやすくさせる脆弱性があります。 (CVE-2014-1568)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-1568
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
追加情報:
N/A
ダウンロード:
SRPMS
- nss-3.16.1-4.AXS3.src.rpm
MD5: a61eb41bf8dacc8a659d8bab8366c400
SHA-256: d6c4bc579abdd787e2784dba799a235dbb5f29e030e940de19bb07c7fc23f3c9
Size: 6.15 MB
Asianux Server 3 for x86
- nss-3.16.1-4.AXS3.i386.rpm
MD5: d31f108353135cfc6d57f72f531018c2
SHA-256: c2f276a7beb881e2cf86ed84a832edc5b4f409f069fef2d25304e529b14511d4
Size: 1.24 MB - nss-devel-3.16.1-4.AXS3.i386.rpm
MD5: 2ba38c025445c1fe8a0d424da10a7110
SHA-256: a9f65ee32f8c3f89509f82b93b885b3d0378feedf9a422d7d5862aafbb80ef13
Size: 249.60 kB - nss-tools-3.16.1-4.AXS3.i386.rpm
MD5: 62d58144cd3aeba89685760840c10ea0
SHA-256: 05762c2f719ad56ed4144540bce09aee81ae479ba102ef4a56b2e35191acbcf3
Size: 751.76 kB
Asianux Server 3 for x86_64
- nss-3.16.1-4.AXS3.x86_64.rpm
MD5: 5203fe09d3aeb0024c3f3e377950a71d
SHA-256: 5d29140f3e9e7896545249f0e0f2a4d126cc521162050c469cbcd8587c609653
Size: 1.26 MB - nss-devel-3.16.1-4.AXS3.x86_64.rpm
MD5: 8d7a477d94b020503338196bae8f4dca
SHA-256: 2c2dfe3a7870abd29f6da18793f9eacbb15a6052a91859b9de6010ba95b462e1
Size: 249.61 kB - nss-tools-3.16.1-4.AXS3.x86_64.rpm
MD5: a7ab9b7b569281c1164e6f3fcc0b44e7
SHA-256: 62161f0b0e6121565fbcb374149df835e2da9561300d425ba6449661fd6174e4
Size: 758.27 kB