Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Gentoo: GLSA-200610-06 Normal: NSS RSA Signature Forgery

gentoo
Calendar Grey October 17, 2006
Dist Gentoo Esm H88
Gentoo Security Advisory GLSA 202311-11 highlights a moderate severity concern regarding the potential exploitation of OpenSSL vulnerability affecting digital signatures.
NSS fails to properly validate PKCS #1 v1.5 signatures.

Summary

Gentoo Linux Security Advisory GLSA 200610-06 https://security.gentoo.org/ Severity: Normal Title: Mozilla Network Security Service (NSS): RSA signature forgery Date: October 17, 2006 Bugs: #148283 ID: 200610-06

Synopsis ======= NSS fails to properly validate PKCS #1 v1.5 signatures.
Background ========= The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nss < 3.11.3 >= 3.11.3
========== Daniel Bleichenbacher discovered that it might be possible to forge signature...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround