Stay Secure with the Latest Linux Advisories

security advisorycriticalpatch

SUSE: 2014:1220-3 Critical Update: Mozilla NSS RSA Forgery Issue

An update that fixes one vulnerability is now available. It An update that fixes one vulnerability is now available. It An update that fixes one vulnerability is now available. It includes one version update. includes one version update.. SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1220-3 Rating: important References: #897890 Cross-References: CVE-2014-1568 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libfreebl3-9775 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 3.16.5]: libfreebl3-3.16.5-0.4.2.1 mozilla-nss-3.16.5-0.4.2.1 mozilla-nss-tools-3.16.5-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.16.5]: libfreebl3-32bit-3.16.5-0.4.2.1 mozilla-nss-32bit-3.16.5-0.4.2.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.16.5]: mozilla-nss-3.16.5-0.5.1 mozilla-nss-devel-3.16.5-0.5.1 mozilla-nss-tools-3.16.5-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.16.5]: mozilla-nss-32bit-3.16.5-0.5.1 References: https://www.suse.com/security/cve/CVE-2014-1568.html https://bugzilla.suse.com/show_bug.cgi?id=897890 https://scc.suse.com:443/patches/ https://scc.suse.com:443/patches/ . The significant security patch issued by SUSE for mozilla-nss tackles CVE-2014-1568, reinforcing the protection of the system.. SUSE Linux, Mozilla NSS, RSA Forgery, Security Update, Patch Instructions. . Severity: Important. LinuxSecurity.com Team

Sep 30, 2014 •Important SuSE