nspr-4.10.8-2.AXS4, nss-util-3.19.1-2.AXS4, nss-3.19.1-5.AXS4
エラータID: AXSA:2015-535:01
リリース日:
2015/11/06 Friday - 10:43
題名:
nspr-4.10.8-2.AXS4, nss-util-3.19.1-2.AXS4, nss-3.19.1-5.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Mozilla Network Security Services (NSS) の sec_asn1d_parse_leaf
関数は,データ構造へのアクセスを不適切に制限しており,巧妙に細工
された OCTET STRING データによって,リモートの攻撃者がサービス拒否
(アプリケーションのクラッシュ) を引き起こす,あるいは任意のコードを
実行する可能性のある脆弱性があります。(CVE-2015-7181)
- Mozilla Network Security Services (NSS) の ASN.1 decoder には,
ヒープベースのバッファーオーバーフローが存在し,巧妙に細工された
OCTET STRING データによって,リモートの攻撃者がサービス拒否 (アプリ
ケーションのクラッシュ) を引き起こす,あるいは任意のコードを実行する
可能性のある脆弱性があります。(CVE-2015-7182)
- Mozilla Network Security Services (NSS) の Netscape
Portable Runtime (NSPR) の PL_ARENA_ALLOCATE 実装には,整数オー
バーフローが存在し,不明な要因によって,リモートの攻撃者が任意の
コードを実行する,あるいはサービス拒否 (メモリ破壊とアプリケー
ションのクラッシュ)を引き起こす脆弱性があります。(CVE-2015-7183)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2015-7181
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CVE-2015-7183
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
追加情報:
N/A
ダウンロード:
SRPMS
- nspr-4.10.8-2.AXS4.src.rpm
MD5: ad160c1f4a7be8647bcbf5624a49ebb1
SHA-256: 0a85d45353d32a5d0edaf92e2032b920e731f47ad40a0b06b4c1dda59a7abee6
Size: 867.16 kB - nss-util-3.19.1-2.AXS4.src.rpm
MD5: 1dcacd85334c3dd8124981607de5c20f
SHA-256: b3e9ac96c1055ba86d42f3dd476bd405678a569f0b1f1f58575c82bf05d7d5f1
Size: 735.03 kB - nss-3.19.1-5.AXS4.src.rpm
MD5: 0df2c3963d4474b085eca2d3439c6863
SHA-256: 2d3136edbfc3d61ab962a00a3559ac786c1dcddf51105af9d2e80c538c3857bb
Size: 5.34 MB
Asianux Server 4 for x86
- nspr-4.10.8-2.AXS4.i686.rpm
MD5: 95059841b70a27201e44e9d78932ef10
SHA-256: c68fe939f7507a9a67db3c9846ee70c45bac81bcf1f85cb52895c94914458063
Size: 115.61 kB - nspr-devel-4.10.8-2.AXS4.i686.rpm
MD5: b9352b97dfbdad76bce39fa51b0985ec
SHA-256: 4020c1b9e4af3c23d6bce694b47fb3a592cffb45a406aa30ca0983d786072895
Size: 110.95 kB - nss-util-3.19.1-2.AXS4.i686.rpm
MD5: cad74be1606e3cd951b34a75076fb441
SHA-256: 17ff4a46491485043c01d9d0175649e045c94c6c6c37127fdc46e71529402fa7
Size: 65.45 kB - nss-util-devel-3.19.1-2.AXS4.i686.rpm
MD5: 481c05c074aad9343717f00842881bda
SHA-256: 4576e0ec96dd840d90310624bbcfd35fe54636ff7f7bbd9e2ed05a7e15b6e1c0
Size: 67.59 kB - nss-3.19.1-5.AXS4.i686.rpm
MD5: 52e2f86e09d51b648a95e0bb38901b80
SHA-256: c1822f11646f2855dab93147630a258be2491d35e71382414a1422f6b384f12a
Size: 859.62 kB - nss-devel-3.19.1-5.AXS4.i686.rpm
MD5: 052b3c73c845b425f7cafd4a74b8db6f
SHA-256: a6f61921e036d1fb343dac9c17c7aa9249b121d2ec9e798311c33acd81bcd90b
Size: 202.02 kB - nss-sysinit-3.19.1-5.AXS4.i686.rpm
MD5: e7b8a6eefa4e7a580818eec490d6681b
SHA-256: c6edead08d54b3d8ed94826f2b5a2312e4e820f68f6a9b52b54ede2f6e0e4bdb
Size: 45.22 kB - nss-tools-3.19.1-5.AXS4.i686.rpm
MD5: 980f2f4d6cdc7c7eec6d4bf2c355a08e
SHA-256: f8952edbe95d94fd5757004dfcddf84d1eb519a8e5ffddc9a7cad3b4e148b658
Size: 441.41 kB
Asianux Server 4 for x86_64
- nspr-4.10.8-2.AXS4.x86_64.rpm
MD5: 8ffb322e21f930ec1787eb160d856a1f
SHA-256: 32b0ba5d41e1d395021b3308ebabb862d0a7d0dc36f7f9d3a2e5a88aff859a41
Size: 112.56 kB - nspr-devel-4.10.8-2.AXS4.x86_64.rpm
MD5: d56a7f504340c93b7d2cec26ab0781d5
SHA-256: 4ada70496afd4ec6a2225ec3b16afd0eaec70c99f9bdefd6f22449956494833b
Size: 110.54 kB - nspr-4.10.8-2.AXS4.i686.rpm
MD5: 95059841b70a27201e44e9d78932ef10
SHA-256: c68fe939f7507a9a67db3c9846ee70c45bac81bcf1f85cb52895c94914458063
Size: 115.61 kB - nspr-devel-4.10.8-2.AXS4.i686.rpm
MD5: b9352b97dfbdad76bce39fa51b0985ec
SHA-256: 4020c1b9e4af3c23d6bce694b47fb3a592cffb45a406aa30ca0983d786072895
Size: 110.95 kB - nss-util-3.19.1-2.AXS4.x86_64.rpm
MD5: 62bfe4ae5fc21d0d9ad32e0a57aeba4f
SHA-256: f1038d324c35ccdd4388dff56552a74ec36ad7b71076c4503d688ee740db630c
Size: 65.52 kB - nss-util-devel-3.19.1-2.AXS4.x86_64.rpm
MD5: 352921b0943d682607f6b1d2a391ebb6
SHA-256: e8ead7d6ba812b7f0515d97a8a8319c2ecea2bf87cd4fbace2f56c24f4f4cc85
Size: 67.15 kB - nss-util-3.19.1-2.AXS4.i686.rpm
MD5: cad74be1606e3cd951b34a75076fb441
SHA-256: 17ff4a46491485043c01d9d0175649e045c94c6c6c37127fdc46e71529402fa7
Size: 65.45 kB - nss-util-devel-3.19.1-2.AXS4.i686.rpm
MD5: 481c05c074aad9343717f00842881bda
SHA-256: 4576e0ec96dd840d90310624bbcfd35fe54636ff7f7bbd9e2ed05a7e15b6e1c0
Size: 67.59 kB - nss-3.19.1-5.AXS4.x86_64.rpm
MD5: 62d8770dd87e0e39b7a888fc1bb50f37
SHA-256: 399eb249b91f610a17f22101ffa552af0110dfbd6a39a507e91b02f8e154e095
Size: 855.68 kB - nss-devel-3.19.1-5.AXS4.x86_64.rpm
MD5: 597553bb7f6eeca851cc479e9378dd9b
SHA-256: 921e9f9396652d370c6fcfd463de01c7dd79e1a01ed42c7848e827cd7c06a1cb
Size: 200.14 kB - nss-sysinit-3.19.1-5.AXS4.x86_64.rpm
MD5: d1daa2160f5b48753f4b75d951d548d0
SHA-256: 0e63390e830a14fcec44bca66fa06c6b4169d425b502b28080508cd34c83ce63
Size: 44.84 kB - nss-tools-3.19.1-5.AXS4.x86_64.rpm
MD5: 325e923b65bfa74fb6d29e5832b07174
SHA-256: 73be6c7261827d3f802471b11559f6db3e7e482a1ef574096844873ef40f7af8
Size: 432.42 kB - nss-3.19.1-5.AXS4.i686.rpm
MD5: 52e2f86e09d51b648a95e0bb38901b80
SHA-256: c1822f11646f2855dab93147630a258be2491d35e71382414a1422f6b384f12a
Size: 859.62 kB - nss-devel-3.19.1-5.AXS4.i686.rpm
MD5: 052b3c73c845b425f7cafd4a74b8db6f
SHA-256: a6f61921e036d1fb343dac9c17c7aa9249b121d2ec9e798311c33acd81bcd90b
Size: 202.02 kB