nspr-4.11.0-0.1.AXS4, nss-3.21.0-0.3.AXS4, nss-util-3.21.0-0.3.AXS4
エラータID: AXSA:2016-205:01
リリース日:
2016/04/12 Tuesday - 12:45
題名:
nspr-4.11.0-0.1.AXS4, nss-3.21.0-0.3.AXS4, nss-util-3.21.0-0.3.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- NSS の ssl3_HandleECDHServerKeyExchange の
ssl3_HandleECDHServerKeyExchange 関数は解放後に使用し,大量にメモリを
消費している時に,SSL の (1) DHE あるいは (2)ECDHE ハンドシェークを行
うことで,リモートの攻撃者がサービス拒否を引き起こす,あるいは詳細不明な
他の影響を与える可能性のある脆弱性が
あります。(CVE-2016-1978)
- NSS の PK11_ImportDERPrivateKeyInfoAndReturnKey 関数には,開放
後に使用し,DER エンコーディングを持つ巧妙に細工されたキーのデータ
によって,リモートの攻撃者がサービス拒否を引き起こす,あるいは詳細
不明の他の影響を与える可能性のある脆弱性があります。
(CVE-2016-1979)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-1978
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
CVE-2016-1979
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
追加情報:
N/A
ダウンロード:
SRPMS
- nspr-4.11.0-0.1.AXS4.src.rpm
MD5: 74162d6379b3dfd8e0fb9525d9e9fbcd
SHA-256: 0fa63d2a2e703755c62f94580715c2a0aa04a98efb3043d1e2545849eb1ea1e3
Size: 882.08 kB - nss-util-3.21.0-0.3.AXS4.src.rpm
MD5: 8ef5b636b220644e8632f7d65e4945c1
SHA-256: eef91a6750dc1476ae8be8a58f92e18453df70da6ce456d34e8fcc7d32da02b8
Size: 754.41 kB - nss-3.21.0-0.3.AXS4.src.rpm
MD5: d81b2d30c6f400719de703fc0a59ebe9
SHA-256: 11e22f4ef2ef9c5265c7ed582fbb293c21277a52c58f7a2bcf9d48069eeee2d8
Size: 5.41 MB
Asianux Server 4 for x86
- nspr-4.11.0-0.1.AXS4.i686.rpm
MD5: 6fe07d4ff63b87cbb570954d6530596b
SHA-256: 8344f9f0a8beb4347d6a126d5582a38ace2f1b2ea7222db1d2c4d53e4bd4b3dd
Size: 115.83 kB - nspr-devel-4.11.0-0.1.AXS4.i686.rpm
MD5: 8699822632cce1ff6cda9de1e5a8ef62
SHA-256: 9d7e5ec3b8f09b60a270b84ac94069a9406c9fba36d3863a8941da2a1987b392
Size: 111.71 kB - nss-util-3.21.0-0.3.AXS4.i686.rpm
MD5: 9288911d9461ccaa6fe134325df683bc
SHA-256: cb23cd5c281524bc0134f139aeaa7ed673c6a2e8b1604afdc6ae94ef30780dd4
Size: 66.29 kB - nss-util-devel-3.21.0-0.3.AXS4.i686.rpm
MD5: 8cb05d24b98e97a3656bf1b202f36747
SHA-256: 96c0aec2ca77feec3df694bd256937b00224a77d5d75715dff5ab687adce8f5c
Size: 68.79 kB - nss-3.21.0-0.3.AXS4.i686.rpm
MD5: ce6aa4ddb3e368ef957a7b3e1a53dca9
SHA-256: fd0e55b7fffb7456ee6a8b091f39efa8ab7242ae22058ed75c6e6281207bd001
Size: 859.45 kB - nss-devel-3.21.0-0.3.AXS4.i686.rpm
MD5: 7a765c6edc1bb54630278f00bcf60cb1
SHA-256: 87ad6c464f6fc515584cc9b7332b162c81bc2df22eb8aaf4fd3a3119f6a77bda
Size: 204.80 kB - nss-sysinit-3.21.0-0.3.AXS4.i686.rpm
MD5: 20d3dc731f6dff5fb95ac7f37f4aa9c3
SHA-256: 9e55813197e3a4f32e37d449a18b8c4dfe060c5d724fff196e90e3d5b905244f
Size: 45.64 kB - nss-tools-3.21.0-0.3.AXS4.i686.rpm
MD5: 7e35002e2da03a384c41e66eb11d0279
SHA-256: 7990930d6e84feff59196ae0013df06d026dde66ed03c7d4715b93ca765a87b1
Size: 443.88 kB
Asianux Server 4 for x86_64
- nspr-4.11.0-0.1.AXS4.x86_64.rpm
MD5: 9096d7960a030b3be578c572f5d866e2
SHA-256: 9f6512f6b363db01c3ab23ebe0fd0fe4724d9051e55b90fe2fde29ebd8db8569
Size: 112.83 kB - nspr-devel-4.11.0-0.1.AXS4.x86_64.rpm
MD5: 6e594789fcd2143804da9cea039713f7
SHA-256: b19c482c7ce44bbad937167b7f4b1ab0434334b46b4a2c94b6c0186f2a199c6d
Size: 111.31 kB - nspr-4.11.0-0.1.AXS4.i686.rpm
MD5: 6fe07d4ff63b87cbb570954d6530596b
SHA-256: 8344f9f0a8beb4347d6a126d5582a38ace2f1b2ea7222db1d2c4d53e4bd4b3dd
Size: 115.83 kB - nspr-devel-4.11.0-0.1.AXS4.i686.rpm
MD5: 8699822632cce1ff6cda9de1e5a8ef62
SHA-256: 9d7e5ec3b8f09b60a270b84ac94069a9406c9fba36d3863a8941da2a1987b392
Size: 111.71 kB - nss-util-3.21.0-0.3.AXS4.x86_64.rpm
MD5: 9fc447fde6d2446deb2c242415975644
SHA-256: 967430b3c395354c640c9118c92f3366407bc397f9eb40cbd183dffa96807ab9
Size: 66.43 kB - nss-util-devel-3.21.0-0.3.AXS4.x86_64.rpm
MD5: a2f0b783558ce4c893fd3a3ed81e2c50
SHA-256: a6c3063ce469fb701ecadd6e0959d13956f269fc5ee9c4a87f61b54fcf5fafe9
Size: 68.34 kB - nss-util-3.21.0-0.3.AXS4.i686.rpm
MD5: 9288911d9461ccaa6fe134325df683bc
SHA-256: cb23cd5c281524bc0134f139aeaa7ed673c6a2e8b1604afdc6ae94ef30780dd4
Size: 66.29 kB - nss-util-devel-3.21.0-0.3.AXS4.i686.rpm
MD5: 8cb05d24b98e97a3656bf1b202f36747
SHA-256: 96c0aec2ca77feec3df694bd256937b00224a77d5d75715dff5ab687adce8f5c
Size: 68.79 kB - nss-3.21.0-0.3.AXS4.x86_64.rpm
MD5: 750ed603351b16dae572b53ce7d769e8
SHA-256: d84a087f75fdbea578643f1cb4c312710c752f29c34cb72d9e0618077029aa63
Size: 856.72 kB - nss-devel-3.21.0-0.3.AXS4.x86_64.rpm
MD5: 07e47fdc1ef62e161170b765a9d9cc84
SHA-256: 55fa48b32a250d8c6dd50a9047472766faee9e01adb7574e26e562f8c3e1b485
Size: 202.91 kB - nss-sysinit-3.21.0-0.3.AXS4.x86_64.rpm
MD5: 55742130d31b21926a5d06935aee233b
SHA-256: 54d0827a4e2788b250db1659a43ab45a37b66f9be6723aa39a7d04f97c9f76c4
Size: 45.25 kB - nss-tools-3.21.0-0.3.AXS4.x86_64.rpm
MD5: e1901cd21c1e78b1d29cc93435132fe0
SHA-256: c5419f2291e2ef73447780fd00d23e504a93a53f53429ebec8deb755a3e87aac
Size: 434.41 kB - nss-3.21.0-0.3.AXS4.i686.rpm
MD5: ce6aa4ddb3e368ef957a7b3e1a53dca9
SHA-256: fd0e55b7fffb7456ee6a8b091f39efa8ab7242ae22058ed75c6e6281207bd001
Size: 859.45 kB - nss-devel-3.21.0-0.3.AXS4.i686.rpm
MD5: 7a765c6edc1bb54630278f00bcf60cb1
SHA-256: 87ad6c464f6fc515584cc9b7332b162c81bc2df22eb8aaf4fd3a3119f6a77bda
Size: 204.80 kB - nss-sysinit-3.21.0-0.3.AXS4.i686.rpm
MD5: 20d3dc731f6dff5fb95ac7f37f4aa9c3
SHA-256: 9e55813197e3a4f32e37d449a18b8c4dfe060c5d724fff196e90e3d5b905244f
Size: 45.64 kB - nss-tools-3.21.0-0.3.AXS4.i686.rpm
MD5: 7e35002e2da03a384c41e66eb11d0279
SHA-256: 7990930d6e84feff59196ae0013df06d026dde66ed03c7d4715b93ca765a87b1
Size: 443.88 kB
English