nss-3.21.3-2.AXS4, nss-util-3.21.3-1.AXS4
エラータID: AXSA:2016-939:01
リリース日:
2016/11/16 Wednesday - 15:35
題名:
nss-3.21.3-2.AXS4, nss-util-3.21.3-1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
[修正内容]
以下項目について対処しました。
[Security Fix]
- Mozilla Network Security Services (NSS) には、不明な要因によって、
リモートの攻撃者がサービス拒否 (メモリ破壊とアプリケーションのク
ラッシュ) を引き起こす、あるいは詳細不明な他の影響を与える可能性
のある脆弱性があります。(CVE-2016-2834)
- NSS のディフィー・ヘルマンクライアント鍵交換の処理で
small subgroup confinement 攻撃の問題があり,目的のグループのサブ
グループへのクライアント DH 鍵を限定することによって,攻撃者が
秘密鍵を復号する脆弱性があります。(CVE-2016-8635)
- 現時点では CVE-2016-5285 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2016-2834
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-5285
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2016-8635
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
追加情報:
N/A
ダウンロード:
SRPMS
- nss-util-3.21.3-1.AXS4.src.rpm
MD5: 3c932c70c009eace97d9b5cd048c6897
SHA-256: a36119976fd6fe19b674c85b19dc7466f9d93aa24e252bbe2650c0ab8b40aca1
Size: 745.29 kB - nss-3.21.3-2.AXS4.src.rpm
MD5: 1c86fcc7b83cfb66e0759005896f2932
SHA-256: 98ad20a9dd80211b7c54193abe5e4fb7a1d55df7b88e373e3ca18d4677b6db93
Size: 5.42 MB
Asianux Server 4 for x86
- nss-util-3.21.3-1.AXS4.i686.rpm
MD5: d2368b1fe99749aebbe1885bf3097281
SHA-256: 9d7e014c0000d361675e6da9fa27da4d2f98d06a03be270f532804496ada17d7
Size: 66.23 kB - nss-util-devel-3.21.3-1.AXS4.i686.rpm
MD5: d7d0662b23e7659df9428badabd017ad
SHA-256: 267c871122891e416cc0e8fa17050477a53cdd0d42bc085d7240f91fdc629efc
Size: 68.72 kB - nss-3.21.3-2.AXS4.i686.rpm
MD5: 13d675dba1a7e88fe6c9d20dee18246f
SHA-256: 1fad9a046a98ea339d72865e91a5949934c0d8a6b30225529ebd3fe85edb2e4b
Size: 860.60 kB - nss-devel-3.21.3-2.AXS4.i686.rpm
MD5: c61dc139c87db41f83cfdca7c90b5017
SHA-256: c255b9179c434bec7f1f0155b495b4dae01c7877fd6f72516f1f655dc812819b
Size: 205.91 kB - nss-sysinit-3.21.3-2.AXS4.i686.rpm
MD5: fc87c4700011d068b4edca65d3495b89
SHA-256: 48c4c232ffad51b88c7342989414baf2a80bae2bd177350fe5c8f0a0df560edf
Size: 46.73 kB - nss-tools-3.21.3-2.AXS4.i686.rpm
MD5: d276aaf153bfd304b278f5c8153e2c88
SHA-256: 19094cd8d3f7b3a79eb2f53a44071746db864ca9c768b380ef04dd1bc8634f81
Size: 445.95 kB
Asianux Server 4 for x86_64
- nss-util-3.21.3-1.AXS4.x86_64.rpm
MD5: c7ae4a9788844f383acb766626b44f56
SHA-256: 018bca674be4ebd84d3bf76aeefd1952c45ae2d2254f6b85227e9d498edce83e
Size: 66.38 kB - nss-util-devel-3.21.3-1.AXS4.x86_64.rpm
MD5: 2ab42c03d2b242e7427573d7f610b5df
SHA-256: c5d6062b889acef83a7267e415ae9ef28c87f8101407eecb140c81bde6a334fd
Size: 68.27 kB - nss-util-3.21.3-1.AXS4.i686.rpm
MD5: d2368b1fe99749aebbe1885bf3097281
SHA-256: 9d7e014c0000d361675e6da9fa27da4d2f98d06a03be270f532804496ada17d7
Size: 66.23 kB - nss-util-devel-3.21.3-1.AXS4.i686.rpm
MD5: d7d0662b23e7659df9428badabd017ad
SHA-256: 267c871122891e416cc0e8fa17050477a53cdd0d42bc085d7240f91fdc629efc
Size: 68.72 kB - nss-3.21.3-2.AXS4.x86_64.rpm
MD5: 6d8557a8ed035b397b53e673cb71d533
SHA-256: b1e5f81d57424805d3f31b3e5177ad7497acdeca8bca2ba68d57972f90f1db61
Size: 858.50 kB - nss-devel-3.21.3-2.AXS4.x86_64.rpm
MD5: ede599bff1597ab398a3a88514ec4c1b
SHA-256: f5ade0d71ffc15825dc750a40ac4fda21469c3892c5988184609cbc5d7751c08
Size: 204.03 kB - nss-sysinit-3.21.3-2.AXS4.x86_64.rpm
MD5: 919fe3f7bcce8632170feca82857e225
SHA-256: 3fdbe1526f55094268ff5a0d27b428d3e7a1b09128fb551e11cc49022baa590f
Size: 46.36 kB - nss-tools-3.21.3-2.AXS4.x86_64.rpm
MD5: e8677b91c966ca80802e7d177d113df8
SHA-256: fb8da99bcb00f25ed24a4d0fbb6f242a9626556bb0a650de9fb8f41b6b80c633
Size: 436.40 kB - nss-3.21.3-2.AXS4.i686.rpm
MD5: 13d675dba1a7e88fe6c9d20dee18246f
SHA-256: 1fad9a046a98ea339d72865e91a5949934c0d8a6b30225529ebd3fe85edb2e4b
Size: 860.60 kB - nss-devel-3.21.3-2.AXS4.i686.rpm
MD5: c61dc139c87db41f83cfdca7c90b5017
SHA-256: c255b9179c434bec7f1f0155b495b4dae01c7877fd6f72516f1f655dc812819b
Size: 205.91 kB