DSA-3336-1 nss -- nssID: oval:org.secpod.oval:def:602195 | Date: (C)2015-08-28 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2721 Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machine. A man-in-the-middle attacker could exploit this flaw to skip the ServerKeyExchange message and remove the forward-secrecy property. CVE-2015-2730 Watson Ladd discovered that NSS does not properly perform Elliptical Curve Cryptography multiplication, allowing a remote attacker to potentially spoof ECDSA signatures.
Platform: |
Debian 8.x |
Debian 7.x |