Debian: DSA-3690-1 Urgent: OpenSSL Vulnerabilities and Exposure Risks
debian
October 5, 2016
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project
Topics Covered
Summary
Several vulnerabilities were discovered in NSS, the cryptography
library developed by the Mozilla project.
CVE-2015-4000
David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Security (TLS).
CVE-2015-7181
CVE-2015-7182
CVE-2016-1950
Tyson Smith, David Keeler, and Francis Gabriel discovered
heap-based buffer overflows in the ASN.1 DER parser, potentially
leading to arbitrary code execution.
CVE-2015-7575
Karthikeyan Bhargavan discovered that TLS client implementation
accepted MD5-based signatures for TLS 1.2 connections with forward
secrecy, weakening the intended security strength of TLS
connections.
CVE-2016-1938
Hanno Boeck discovered that NSS miscomputed the result of integer
division for certain inputs. This could weaken the cryptographic
protections provided by NSS. However, NSS implement...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: nss
CVE ID: CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!