RHSA-2014:1307-01 -- Redhat nss, nss-softokn, nss-utilID: oval:org.secpod.oval:def:501393 | Date: (C)2014-09-29 (M)2023-12-07 |
Class: PATCH | Family: unix |
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |
Red Hat Enterprise Linux 5 |
Product: |
nss |
nss-softokn |
nss-util |