SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Security)  >   Network Security Services (NSS)
Vendors:   Mozilla.org
(CentOS Issues Fix) Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1035683
SecurityTracker URL:  http://securitytracker.com/id/1035683
CVE Reference:   CVE-2016-1978
Date:  Apr 26 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Network Security Services (NSS). A remote user may be able to execute arbitrary code on the target system.

When the target system's available memory is low, a remote user can send specially crafted DHE and ECDHE handshake data to trigger a use-after-free memory error and potentially execute arbitrary code on the target system.

Eric Rescorla reported this vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system.
Solution:   CentOS has issued a fix.

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Mar 14 2016 Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0684 Moderate CentOS 5 nss Security Update


CentOS Errata and Security Advisory 2016:0684 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0684.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
