
ELSA-2015-1185 -- Oracle nss_nss-util

ID: oval:org.secpod.oval:def:1501047
Date: (C)2015-07-02   (M)2024-02-19
Class: PATCH
Family: unix




Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications.

A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512-bit export-grade keys during the key exchange, allowing them to decrypt all traffic.

Note: This update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions from being downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.

The nss and nss-util packages have been upgraded to upstream versions 3.19.1. The upgraded versions provide a number of bug fixes and enhancements over the previous versions.

Users of nss and nss-util are advised to upgrade to these updated packages, which fix these security flaws and bugs and add these enhancements.

Platform:
Oracle Linux 6
Product:
nss
nss-util
Reference:
ELSA-2015-1185
CVE-2015-4000
CVE (1):
CVE-2015-4000
CPE (3):
cpe:/a:nss:network_security_services
cpe:/a:nss:nss-util
cpe:/o:oracle:linux:6

© SecPod Technologies