Debian Linux Security Advisory 3688-1 - Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.
b93966cf45b459b94721e41f799657ce1d921ea91d32c39e7fe841f2d97f11e7Ubuntu Security Notice 2973-1 - Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Hanno Boeck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. Various other issues were also addressed.
d29c52273e7734f2eb886a43b5407681e67a0595f44c88105e13d3a3a39ba876Debian Linux Security Advisory 3576-1 - Multiple security issues have been found in Icedove, Debian's version of lead to the execution of arbitrary code or denial of service.
05e7b4c1f39005760c9abd1a0ac619a912317ec016c2c8356dc9bb6fbfb07db5Red Hat Security Advisory 2016-0684-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix: A use-after-free flaw was found in the way NSS handled DHE and ECDHE handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.
5a2666975f30ed4ef9d32a6c94c6c7ee9af784cd8b1cb74c9e6c0bbd94cde00eRed Hat Security Advisory 2016-0685-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys.
7142359029ecb55b91f8740bcc308885a4ca03d05377044d0945c59945dbfdaaRed Hat Security Advisory 2016-0591-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0.
b4d37927706ed52b6f88aeba09a8fe9f5e48bb1850ac0233b2fc350696bfd23f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed