Mandriva Linux Security Advisory 2015-059 - Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages. The updated packages provides a solution for these security issues.
59256243393f23f58ede14a8157f3106d5b951ae5d805857b9f01d335602857b
Red Hat Security Advisory 2014-1371-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
634b6dfc998db983c7e89be22b46420778f990756889c14c31ae9d0d1d7dfec3
Red Hat Security Advisory 2014-1354-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
b32eb23a922aaad612775171117381de11c2f5eb28b398659a771dccc74d4d25
Debian Linux Security Advisory 3037-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
4acb09686b97b7299d7b15ee86526511323b29697f34fc6d95d0c6d451ac0093
Red Hat Security Advisory 2014-1307-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
08a1d6314655253f277428022a1688098423cb33c9f35cce58d396cb4045d729
Mandriva Linux Security Advisory 2014-189 - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to the latest version as of 2014-08-05.
46a34a4e8012eab187a9e30838cea24c9c53c4b1295b48500f72627c1291a112
Debian Linux Security Advisory 3034-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
79de4320568e4b16d46f128066d3ed5727d30dad9b7432d769bae6befc4bbbaa
Debian Linux Security Advisory 3033-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
3bb8562cd39dc6b69437ddb1dc2332a8799a87972d5e22e62be562ece65a14e8
Ubuntu Security Notice 2360-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
8df063b3cb939db382d3432ee23c8bcd73caea7a3cd58b252812d1a99c657ea8
Ubuntu Security Notice 2360-2 - USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.
a55a4962a577d8dcb5a441b370937491b9b9fdb5894344155edfb3661a1dfc26
Ubuntu Security Notice 2361-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
0b164d83886f94da9bbceb2e461fb57b8928713d9bbb2d8fe7894da0839e1b98