Mozilla Network Security Service (NSS): Multiple vulnerabilities — GLSA 201701-46

Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information.

Affected packages

Background

The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.

Description

Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details.

Impact

Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.28"
 

References

• CVE-2015-2721
• CVE-2015-4000
• CVE-2015-7575
• CVE-2016-1938
• CVE-2016-5285
• CVE-2016-8635
• CVE-2016-9074
• SLOTH Attack Technical Paper

Release date
January 19, 2017

Latest revision
January 19, 2017: 01

Severity
normal

Exploitable
remote

Bugzilla entries

• 550288
• 571086
• 604916