Stay Secure with the Latest Linux Advisories

security advisorymoderatefedora

Fedora 22: 2015-9048 Moderate Security Update for NSS Softokn Logjam

Security fix for CVE-2015-4000 Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack. The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default. For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents: https [More...]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-9048 2015-05-30 09:25:32 -------------------------------------------------------------------------------- Name : nss-softokn Product : Fedora 22 Version : 3.19.1 Release : 1.0.fc22 URL : https://firefox-source-docs.mozilla.org/security/nss/index.html Summary : Network Security Services Softoken Module Description : Network Security Services Softoken Cryptographic Module -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-4000 Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack. The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default. For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents: -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2015 Kai Engert - 3.19.1-1.0 - Update to NSS 3.19.1 * Tue May 19 2015 Kai Engert - 3.19.0-1.0 - Update to NSS 3.19 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks https://bugzilla.redhat.com/show_bug.cgi?id=1223211 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update nss-softokn' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . -------------------------------------------------------------------------------- Fedora Update Notif. security, cve-2015-4000, update, upstream, release, which. . LinuxSecurity.com Team

Jun 02, 2015 Fedora