SecurityTracker.com
Category:   Application (Generic)  >   Netscape Portable Runtime API
Vendors:   Mozilla.org
(CentOS Issues Fix for Netscape Portable Runtime API) Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1035481
SecurityTracker URL:  http://securitytracker.com/id/1035481
CVE Reference:   CVE-2016-1978
Date:  Apr 5 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Network Security Services (NSS). A remote user may be able to execute arbitrary code on the target system. Netscape Portable Runtime API is affected.

A remote user can send specially crafted DHE and ECDHE handshake data to trigger a use-after-free memory error when the target system's available memory is low, and potentially execute arbitrary code on the target system.

Eric Rescorla reported this vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system.
Solution:   CentOS has issued a fix for Netscape Portable Runtime API.

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Mar 14 2016 Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0591 Moderate CentOS 6 nspr Security Update


CentOS Errata and Security Advisory 2016:0591 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0591.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
3b223ca6b209603975d7067ca45911b0f61f445196fb4b87e8e30b881ba9c2e5  nspr-4.11.0-0.1.el6_7.i686.rpm
e9f94771ef76b6bb895aaf2b196e90c1e9c3aafeb11177afc03a21d90be4ad34  nspr-devel-4.11.0-0.1.el6_7.i686.rpm

x86_64:
3b223ca6b209603975d7067ca45911b0f61f445196fb4b87e8e30b881ba9c2e5  nspr-4.11.0-0.1.el6_7.i686.rpm
3d109fb2c496edf99f41fd9db08769239caef7758ea6abf118ffe72b1de57c94  nspr-4.11.0-0.1.el6_7.x86_64.rpm
e9f94771ef76b6bb895aaf2b196e90c1e9c3aafeb11177afc03a21d90be4ad34  nspr-devel-4.11.0-0.1.el6_7.i686.rpm
14a47d3277db192096307cb88c8072df5b15257db7b352bf731fa54227a46c42  nspr-devel-4.11.0-0.1.el6_7.x86_64.rpm

Source:
34bfff2b29fc9e980193a8cdc85aa65bae37e6c8e622de0882d0237365aa0c47  nspr-4.11.0-0.1.el6_7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
