SecurityTracker.com
Category:   Application (Security)  >   Network Security Services (NSS)
Vendors:   Mozilla.org
(CentOS Issues Fix) Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1035483
SecurityTracker URL:  http://securitytracker.com/id/1035483
CVE Reference:   CVE-2016-1978
Date:  Apr 5 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Network Security Services (NSS). A remote user may be able to execute arbitrary code on the target system.

A remote user can send specially crafted DHE and ECDHE handshake data to trigger a use-after-free memory error when the target system's available memory is low and potentially execute arbitrary code on the target system.

Eric Rescorla reported this vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system.
Solution:   CentOS has issued a fix.


Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Mar 14 2016 Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0591 Moderate CentOS 6 nss Security Update


CentOS Errata and Security Advisory 2016:0591 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0591.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
