
Moderate nss / nss-util / nspr security updates

There have been updates to the nss, nss-util and nspr packages to address moderate security flaws (CVE-2016-1978, CVE-2016-1979). The new packages are syncing through the various mirrors currently.

This affects Red Hat / CentOS 6.

Two CVEs were published in reference to these issues:

CVE-2016-1978

A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)

(via RHN)

CVE-2016-1979

A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)

(via RHN)

Updating your system

In order to update your system, you need to update the three packages (nss, nss-util and nspr) once they are available in the mirrors.

Running the update

Type the following to update the system:

yum update nss nss-util nspr

If the updates are available, it will update all three packages. If they are not available, keep trying until you see the updates happen. We will update this post once we start seeing them out there and available.

Checking for the patches after the update

Once you’ve installed the updates, you want to check whether you have the patched version or just a newer version than the one you had previously. You can type the following to check for the patched version:

rpm -q --changelog nss | grep -i cve-2016-1978

It should return a string stating that the package includes an update for this particular CVE.
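The check above covers one package and one CVE. The script below is an added example, not part of the original post, that extends it to both CVE ids and all three packages. The function names and the sample changelog are constructed for illustration, and because the post does not say which package's changelog names which CVE, an id counts as covered when any of the three changelogs mentions it.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report which of the two CVE ids
# appear in the changelogs of the three updated packages.
WANTED_CVES="CVE-2016-1978 CVE-2016-1979"
PACKAGES="nss nss-util nspr"

# Constructed changelog excerpt, used only when rpm is not installed.
SAMPLE_CHANGELOG='* Tue Jan 01 2030 Example Packager <packager@example.com> - 0.0-0
- Resolves: cve-2016-1978 (constructed entry)
- Unrelated: CVE-2016-19780 must not count as a match'

# Print each wanted CVE id found in the changelog text on stdin.
# -i ignores case; -w matches whole ids only, so CVE-2016-19780 is rejected.
found_cves() {
    local text cve
    text=$(cat)
    for cve in $WANTED_CVES; do
        if printf '%s\n' "$text" | grep -qiw -- "$cve"; then
            printf '%s\n' "$cve"
        fi
    done
}

# stdin: found_cves output gathered from every package.
# Print the wanted ids that no package changelog mentioned.
missing_cves() {
    local seen cve
    seen=$(cat)
    for cve in $WANTED_CVES; do
        printf '%s\n' "$seen" | grep -qw -- "$cve" || printf '%s\n' "$cve"
    done
}

# Query the installed packages; succeeds only if every wanted id was seen.
check_system() {
    local pkg hits all=""
    for pkg in $PACKAGES; do
        hits=$(rpm -q --changelog "$pkg" 2>/dev/null | found_cves)
        echo "$pkg:" ${hits:-no wanted CVE id found}   # unquoted on purpose: one line
        all="$all $hits"
    done
    [ -z "$(printf '%s\n' "$all" | missing_cves)" ]
}

if command -v rpm >/dev/null 2>&1; then
    check_system && echo "all fixes present" || echo "fix missing: update, or retry later"
else
    echo "rpm not found; sample changelog mentions: $(printf '%s\n' "$SAMPLE_CHANGELOG" | found_cves)"
fi
```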

Updated package information / versions

nss

i386: nss-3.21.0-0.3.el6_7.i686.rpm, nss-devel-3.21.0-0.3.el6_7.i686.rpm, nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm, nss-sysinit-3.21.0-0.3.el6_7.i686.rpm, nss-tools-3.21.0-0.3.el6_7.i686.rpm

x86_64: nss-3.21.0-0.3.el6_7.i686.rpm, nss-3.21.0-0.3.el6_7.x86_64.rpm, nss-devel-3.21.0-0.3.el6_7.i686.rpm, nss-devel-3.21.0-0.3.el6_7.x86_64.rpm, nss-pkcs11-devel-3.21.0-0.3.el6_7.i686.rpm, nss-pkcs11-devel-3.21.0-0.3.el6_7.x86_64.rpm, nss-sysinit-3.21.0-0.3.el6_7.x86_64.rpm, nss-tools-3.21.0-0.3.el6_7.x86_64.rpm

Source: nss-3.21.0-0.3.el6_7.src.rpm

nss-util

i386: nss-util-3.21.0-0.3.el6_7.i686.rpm, nss-util-devel-3.21.0-0.3.el6_7.i686.rpm

x86_64: nss-util-3.21.0-0.3.el6_7.i686.rpm, nss-util-3.21.0-0.3.el6_7.x86_64.rpm, nss-util-devel-3.21.0-0.3.el6_7.i686.rpm, nss-util-devel-3.21.0-0.3.el6_7.x86_64.rpm

Source: nss-util-3.21.0-0.3.el6_7.src.rpm

nspr

i386: nspr-4.11.0-0.1.el6_7.i686.rpm, nspr-devel-4.11.0-0.1.el6_7.i686.rpm

x86_64: nspr-4.11.0-0.1.el6_7.i686.rpm, nspr-4.11.0-0.1.el6_7.x86_64.rpm, nspr-devel-4.11.0-0.1.el6_7.i686.rpm, nspr-devel-4.11.0-0.1.el6_7.x86_64.rpm

Source: nspr-4.11.0-0.1.el6_7.src.rpm
