nspr-4.11.0-1.el7, nss-softokn-3.16.2.3-14.2.el7, nss-3.21.0-9.el7, nss-util-3.21.0-2.2.el7
エラータID: AXSA:2016-217:01
リリース日:
2016/04/26 Tuesday - 12:19
題名:
nspr-4.11.0-1.el7, nss-softokn-3.16.2.3-14.2.el7, nss-3.21.0-9.el7, nss-util-3.21.0-2.2.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- NSS の ssl3_HandleECDHServerKeyExchange の
ssl3_HandleECDHServerKeyExchange 関数は解放後に使用し,大量にメモリを
消費している時に,SSL の (1) DHE あるいは (2)ECDHE ハンドシェークを行
うことで,リモートの攻撃者がサービス拒否を引き起こす,あるいは詳細不明な
他の影響を与える可能性のある脆弱性があります。(CVE-2016-1978)
- NSS の PK11_ImportDERPrivateKeyInfoAndReturnKey 関数には,開放
後に使用し,DER エンコーディングを持つ巧妙に細工されたキーのデータ
によって,リモートの攻撃者がサービス拒否を引き起こす,あるいは詳細
不明の他の影響を与える可能性のある脆弱性があります。
(CVE-2016-1979)
- 次のパッケージがアップストリームのバージョンにアップグレードしました。
nss (3.21.0), nss-util (3.21.0), nspr (4.11.0)
[Bug Fix]
- nss-softkn パッケージが NSS 3.21 と互換性のあるバージョンにアップ
デートしました。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-1978
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
CVE-2016-1979
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
追加情報:
N/A
ダウンロード:
SRPMS
- nspr-4.11.0-1.el7.src.rpm
MD5: 6631fbf81220f2377168d402b413d212
SHA-256: 66651b8a807fc28699efa02d58a599411101863d0af9b2fb4ccda0b2da9fb762
Size: 1.11 MB - nss-softokn-3.16.2.3-14.2.el7.src.rpm
MD5: f4a00d502fa0d389ebe28832e192f22c
SHA-256: ccdd90f1ea5e11bbef485aac272ffa2f6912050d67330125137b4dcba6bfb6c7
Size: 1.67 MB - nss-util-3.21.0-2.2.el7.src.rpm
MD5: 27099930d99df7933a12ad2741518986
SHA-256: c4bb4df181a952f269e83e2d239c0c5ab6f82dade24c712f89d727585e3fd92b
Size: 0.96 MB - nss-3.21.0-9.el7.src.rpm
MD5: 1e56ac3c3ded7ea78ab6173cc17384dd
SHA-256: 66ffff4d4062f36e7d4c260af7b7d4f9ce0e612834b4c8d20f4725884ec97d25
Size: 6.96 MB
Asianux Server 7 for x86_64
- nspr-4.11.0-1.el7.x86_64.rpm
MD5: 2d1534d5b6bdac089b14208271474fc3
SHA-256: ccf3b723c92d2a91b62d02ccdd53de41a339c435968f7b81e13360aa5446e346
Size: 125.15 kB - nspr-devel-4.11.0-1.el7.x86_64.rpm
MD5: 35f1fecdc56a4b1af7be55699b154ce5
SHA-256: 646dc97d3fe18c5f9ed4c2a517ee66b83fd95058613d4f1e2fc8f48ce507b2e9
Size: 113.02 kB - nspr-4.11.0-1.el7.i686.rpm
MD5: fac02992ed6f8785d88b875f5393ec3d
SHA-256: 4a1c78119705324d80c505561ca7fc09cdbeba534d4c3bce53a0bae71c4082d6
Size: 126.58 kB - nspr-devel-4.11.0-1.el7.i686.rpm
MD5: 7f78beb5a4f8e627e790242d2bfb5b15
SHA-256: 1cd61d55533aee59bcc5b13149665b2e2aae877a62c0361fb7b90f71b25cecce
Size: 113.06 kB - nss-softokn-3.16.2.3-14.2.el7.x86_64.rpm
MD5: 55cee74ae963383df2e72dc95c5bdf42
SHA-256: 489bbb8b723c3c21709ecb50ec247b002034a52064a8dc01778b53f735fffdc5
Size: 303.76 kB - nss-softokn-devel-3.16.2.3-14.2.el7.x86_64.rpm
MD5: 22d2345c3f1e7950d5d9602216001a7a
SHA-256: 409a272e0cf0f10ce2ee01b5a6ef88b869255e06ff55aa402c39b5dbc28ebd6a
Size: 25.06 kB - nss-softokn-freebl-3.16.2.3-14.2.el7.x86_64.rpm
MD5: 941b94443f3293df93d61ba1d505e620
SHA-256: 288994882779a09ba7b5936e66dadf4e8e66ecced97a8a6b40ea5f66654f7bb2
Size: 202.89 kB - nss-softokn-freebl-devel-3.16.2.3-14.2.el7.x86_64.rpm
MD5: d1738f445bf79c64f72b49458c64537a
SHA-256: 20ae3ffcd8d5af99e7c483ae1859c6333c3a33966e3001dc23996f53aff394a7
Size: 45.30 kB - nss-softokn-3.16.2.3-14.2.el7.i686.rpm
MD5: 6be8c01bdfd14a5538e14ded2a46ac22
SHA-256: 97eee8a375fd2f46fce15b5fb2508147d7f1262d7d19ca475f3fd0351e3f09f5
Size: 305.00 kB - nss-softokn-devel-3.16.2.3-14.2.el7.i686.rpm
MD5: 8c4c73015a665bc9df8f5f9fc0d846c3
SHA-256: 3b6b6421bca3aae78fb7bd1ff50e07cc27f0712eefae323a93702f962c76f46f
Size: 25.11 kB - nss-softokn-freebl-3.16.2.3-14.2.el7.i686.rpm
MD5: 6e9c778df3bd7031c2d8bb0b432fdf5e
SHA-256: f923228dd20110b9ba5e4fff4892fdab482fa430b23842f704c93f919dfd5901
Size: 186.56 kB - nss-softokn-freebl-devel-3.16.2.3-14.2.el7.i686.rpm
MD5: 3e471f30b4eb852f21a947191ba38231
SHA-256: 46fc536eadccd74b3bf4ffb7bb1d88b7a866fae2027f9180bbfa0c74d3bd60d6
Size: 44.43 kB - nss-util-3.21.0-2.2.el7.x86_64.rpm
MD5: acbc65dc1ac8116d8e6b451ed87f9b3e
SHA-256: 5809d0fd51c64b4984d72247c2d08f3766f04363ea2531c54cc2a242c6c39257
Size: 70.99 kB - nss-util-devel-3.21.0-2.2.el7.x86_64.rpm
MD5: 499d79d6383785d5b5603c9258d74410
SHA-256: c1129589a2ebfab2de89744189cef2862413cfe0636a238d0a521e7913d74a63
Size: 69.86 kB - nss-util-3.21.0-2.2.el7.i686.rpm
MD5: 995428b65c59bc462ce1291b56793c1b
SHA-256: 6e0611098c9bab4ac4fd378486543ee444062f67319163a7e64af0145190aab3
Size: 69.62 kB - nss-util-devel-3.21.0-2.2.el7.i686.rpm
MD5: 2c25bded51122d18e85382f3932c553c
SHA-256: e2c8f9ec3f0faef5c9746d4c6e4f57a067db9b24afe39190cea2a6f1818c86b7
Size: 69.91 kB - nss-3.21.0-9.el7.x86_64.rpm
MD5: 2a7723f55275f009aae7dce94dccf5d3
SHA-256: 5809e9d9ec9ee5b0164c4bd72fd85ce4e76d2e4ef99506afefd9cadd898e30cd
Size: 849.42 kB - nss-devel-3.21.0-9.el7.x86_64.rpm
MD5: 63d3a749a1607f78c34b1342cee1cebb
SHA-256: 01be33fdeae37a075ce2ff94cd07ed26c17ad62dddcd00d49b850351b40f724a
Size: 210.33 kB - nss-sysinit-3.21.0-9.el7.x86_64.rpm
MD5: c755e35505262337822176f707d51130
SHA-256: e8e36ff44ad8bbd0440cda4b1c4d4990ba9a40b893f6e49fc05fc150524953d8
Size: 53.70 kB - nss-tools-3.21.0-9.el7.x86_64.rpm
MD5: 4e16e02019da0e2e9dccaaa7926a5397
SHA-256: aecbb4854569a044a375e49ed5a954e8921bf2da366b7aa6d151780465a01cb5
Size: 485.59 kB - nss-3.21.0-9.el7.i686.rpm
MD5: c07056b415ac27d72e518cd55e67ce1d
SHA-256: 09143fcb04a0f998c2eb4cfa6317df64416c15744f8fa37286bb3c00d3f33c83
Size: 846.84 kB - nss-devel-3.21.0-9.el7.i686.rpm
MD5: f3b1996f1ccefd4935059f1d039ef286
SHA-256: af35ff037e952bdbba34202bcfd67ee835386b79725709bb36d7b002e706b236
Size: 211.67 kB
English