Rapid7 Vulnerability & Exploit Database

RHSA-2015:1699: nss-softokn security update

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 07/05/2015
Created: 07/25/2018
Added: 09/07/2015
Modified: 07/04/2017

Description

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (CVE-2015-2730)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Watson Ladd as the original reporter of this issue.

All nss-softokn users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Solution(s)

  • redhat-upgrade-nss-softokn
  • redhat-upgrade-nss-softokn-debuginfo
  • redhat-upgrade-nss-softokn-devel
  • redhat-upgrade-nss-softokn-freebl
  • redhat-upgrade-nss-softokn-freebl-devel
