Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 20 nss-softokn 3.19.1 Critical: Logjam Attack Mitigation

fedora
Calendar Grey June 14, 2015
Dist Fedora Esm H88
Important Fedora 20 upgrade fixes nss-softokn vulnerabilities and mitigates the severe logjam threat, enhancing your system's safety.
Security fix for CVE-2015-4000 Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack

Summary

Network Security Services Softoken Cryptographic Module

Update Information:

Security fix for CVE-2015-4000

Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack.

The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default.

For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents:



Topics%20covered

Topics Covered

security advisory update critical Fedora TLS protocol nss-softokn logjam attack

Change Log

* Thu May 28 2015 Kai Engert - 3.19.1-1.0 - Update to NSS 3.19.1 * Tue May 19 2015 Kai Engert - 3.19.0-1.0 - Update to NSS 3.19 * Mon Mar 23 2015 Elio Maldonado - 3.18.0-1 - Update to nss-3.18.0 * Wed Jan 28 2015 Elio Maldonado - 3.17.4-1 - Update to nss-3.17.4 - fix dependencies so nss-softokn pulls in nss-softokn-freebl of the same version and release * Sat Dec 6 2014 Elio Maldonado - 3.17.3-1 - Update to nss-3.17.3 * Fri Nov 21 2014 Elio Maldonado - 3.17.2-2 - Resolves: Bug 1155306 - Provide sym key derive mechansm as result of encryption of message * Mon Oct 13 2014 Elio Maldonado - 3.17.2-1 - Update to nss-3.17.2 * Wed Sep 24 2014 Kai Engert - 3.17.1-2 - Update nss-util build dependency - Fix check of test suite result * Wed Sep 24 2014 Kai Engert - 3.17.1-1 - Update to nss-3.17.1 - Add a mechanism to skip test suite execution during development work * Fri Aug 22 2014 Elio Maldonado - 3.16.2-2 - Update to nss-3.17.0 * Mon Jun 30 2014 Elio Maldonado - 3.16.2-1 - Update to nss-3.16.2 * Wed May 7 2014 Elio Maldonado - 3.16.1-1 - Update to nss-3.16.1 - Resolves: Bug 1094702 - nss-3.16.1 is available * Tue Mar 18 2014 Elio Maldonado - 3.16.0-0 - Update to nss-3.16.0 * Sun Mar 2 2014 Elio Maldonado - 3.15.5-2 - Resolves: Bug 1071679 - Define -DMP_USE_UINT_DIGIT in lib/freebl/Makefile for Linux x86 - Patch contributed by Stephan Bergmann - Fixes segmentation fault when signing on i686 that occurs in Rawhide * Fri Feb 28 2014 Elio Maldonado - 3.15.5-1 - Update to nss-3.15.1 - Resolves: Bug 1066877 * Fri Feb 28 2014 Elio Maldonado - 3.15.4-2 - Display processor information as part of the build * Tue Jan 7 2014 Elio Maldonado - 3.15.3-2 - Update to NSS_3_15_4_RTM - Resolves: Bug 1049229 - nss-3.15.4 is available * Fri Nov 1 2013 Elio Maldonado - 3.15.2-3 - Update to NSS_3_15_3_RTM - Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741

References


[ 1 ] Bug #1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks https://bugzilla.redhat.com/show_bug.cgi?id=1223211

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update nss-softokn' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nss-softokn
Product: Fedora 20
Version: 3.19.1
Release: 1.0.fc20
URL: https://firefox-source-docs.mozilla.org/security/nss/index.html
Summary: Network Security Services Softoken Module

Topics%20covered

Topics Covered

security advisory update critical Fedora TLS protocol nss-softokn logjam attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here